Windows Analysis Report
SetupPoker.exe

Overview

General Information

Sample name:	SetupPoker.exe
Analysis ID:	1431066
MD5:	343388c9516bc04f4ed06d6f1353f602
SHA1:	b124bf52a708dc990ed302519b434fac3565e190
SHA256:	33fe69e83c850f8b4b090b862cb38648a77c68f251cd6e9bd975ac2aa917ac05
Infos:

Detection

Score:	39
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Multi AV Scanner detection for submitted file

Writes many files with high entropy

Allocates memory with a write watch (potentially for evading sandboxes)

JA3 SSL client fingerprint seen in connection with other malware

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Shows file infection / information gathering behavior (enumerates multiple directory for files)

Uses 32bit PE files

Classification

Signatures

AV Detection

Multi AV Scanner detection for submitted file

Source: SetupPoker.exe

Virustotal: Detection: 7%

Perma Link

Uses 32bit PE files

Source: SetupPoker.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\SetupPoker.exe

File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\WebInstaller_7012.log

Jump to behavior

Source: SetupPoker.exe

Static PE information: certificate valid

Source: unknown	HTTPS traffic detected: 52.85.39.184:443 -> 192.168.2.16:49698 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.85.39.184:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.85.39.184:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.85.39.184:443 -> 192.168.2.16:49833 version: TLS 1.2

Source: SetupPoker.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:

Binary string: C:\repo\web-installer-new\WebInstaller\Release\WebInstaller.pdb source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp

Shows file infection / information gathering behavior (enumerates multiple directory for files)

Source: C:\Users\user\Desktop\SetupPoker.exe

Directory queried: number of queries: 1001

Source: C:\Users\user\Desktop\SetupPoker.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File opened: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File opened: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\index.html	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWluc3RhbGxlcl9pbml0Jm9zPSg5MjAwKV82NGJpdCZvc19sYW5nPTIwNTcmaWVfdmVyPTExLjc4OS4xOTA0MS4wJnByb2Nlc3NfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImdmVyaWZpZXI9YzBjMThlYWI0ZmI3ZWQ5NmJkMzM3ZGM2YmRmMGNmOTkmdXNlcl9pZD1DNDlGQkU2QjQ1MTc0OEE1QjM2RDFDMzJDQzI5RENCQiZpbnN0YWxsZXJfdmVyPTEuMS4xLjM2JnRpbWVzdGFtcD0xNzEzOTY2NTQ0NDM5JmFkbWludXNlcj0xJnN0YXJ0dGltZT0xNzEzOTY2NTQ0JmxpZmV0aW1lPTA%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjU0ODc2OCZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT00 HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjU1MzkxMyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT05 HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjU2MjYxNiZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xOA%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjU3MzE2MSZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0yOQ%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjU4Njg0OSZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT00Mg%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYwMzE0MiZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT01OQ%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYwNjY0MiZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT02Mg%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYwODc5OSZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT02NA%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYxMTE1NSZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT02Nw%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYxMzIyOCZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT02OQ%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYxNDgzMyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT03MA%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYxNjM3OSZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT03Mg%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYxNzk0MSZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT03Mw%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYxOTUwNyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT03NQ%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYyMTA4NCZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT03Nw%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYyMjY0NyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT03OA%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYyNDIyMiZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT04MA%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYyNTc5MyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT04MQ%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYyNzM1MiZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT04Mw%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYyODkzNCZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT04NA%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYzMDQ5NyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT04Ng%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYzMjA1OSZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT04OA%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYzMzYwNyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT04OQ%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYzNTIwNiZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT05MQ%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYzNjc1NSZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT05Mg%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYzODMwMyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT05NA%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYzOTg2OCZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT05NQ%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY0MTQ0MCZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT05Nw%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY0MzAwNyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT05OA%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY0NDU2NiZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMDA%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY0NjE0NiZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMDI%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY0NzcxMyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMDM%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY0OTI5MyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMDU%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY1MDg1NyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMDY%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY1MjQwNCZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMDg%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY1Mzk4NyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMDk%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY1NTU1NCZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMTE%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY1NzE1NSZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMTM%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY1ODcyMCZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMTQ%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY2MDI5OSZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMTY%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY2MTg4MSZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMTc%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY2MzQ0NyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMTk%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY2NTAwOCZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMjA%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY2NjU1MyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMjI%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY2ODE4MSZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMjQ%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY2OTc0NCZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMjU%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache

Source: global traffic	DNS traffic detected: DNS query: stats.ptinstaller.com
Source: global traffic	DNS traffic detected: DNS query: d3a6p9a3vksur7.cloudfront.net

Source: SetupPoker.exe, 00000000.00000003.1406630300.0000000004F24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: HTTP://HELP.BET
Source: SetupPoker.exe, 00000000.00000003.1191930955.000000000638D000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1248039607.00000000061D1000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1161782322.000000000447E000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1333495568.0000000006084000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1442450512.0000000006150000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1268648812.000000000621C000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1521972869.0000000006099000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1578571682.0000000006156000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1521972869.0000000006148000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1241553559.000000000AF28000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1271712315.000000000A932000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1335493226.000000000621C000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1248039607.000000000621C000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1268165536.00000000061D2000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1216617589.0000000006391000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1683864054.000000000614D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: HTTP://HELP.BET365.COM/HOME/MAINPAGE.ASP?POPMEMBERS=5360&SCTID=8&PRD=4
Source: SetupPoker.exe, 00000000.00000003.1190103747.00000000050F6000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1258601555.0000000006064000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1300859702.0000000004B29000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1348554532.00000000050C4000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1626296392.0000000005F64000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1402614507.00000000050CB000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1578571682.00000000060A1000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1360679068.00000000050CD000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1218193113.00000000051C6000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1193702752.0000000006174000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: HTTP://HELP.BET365.COM/HOME/MAINPAGE.ASP?POPMEMBERS=5360&SCTID=8&PRD=4&LNG=1&TID=1
Source: SetupPoker.exe, 00000000.00000003.1224191324.000000000ADD4000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1595144997.00000000043E9000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1248039607.0000000006183000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1740534383.00000000043DC000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1167158636.00000000061BB000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1165848039.0000000006210000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1161782322.000000000447E000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1245174803.0000000006717000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1392875491.00000000060D8000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1532812270.000000000624E000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1264527458.0000000006183000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1701611389.00000000043DC000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1255503353.00000000063F6000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1213792050.0000000006156000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1271712315.000000000A932000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1329971338.00000000066F8000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1578571682.0000000005FE7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: HTTP://HELP.BET365.COM/HOME/MAINPAGE.ASP?POPMEMBERS=5360&SCTID=8&PRD=4&LNG=1&TID=1)
Source: SetupPoker.exe, 00000000.00000003.1329971338.000000000669F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1362088292.0000000005049000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1331356923.00000000051AC000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1198655475.00000000062CE000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1299279940.00000000043F3000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1595144997.00000000043E9000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1217463206.0000000005203000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1735725553.000000000B1C7000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1337919156.00000000050BF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1542694460.0000000004F0F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1296337097.000000000632F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1683864054.000000000611E000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1215276416.0000000005FB9000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1572384432.000000000B143000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1453896201.0000000006373000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1299279940.0000000004407000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1346696740.00000000065BF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1350633613.000000000638D000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1291770213.0000000005202000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1447884721.00000000061D1000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1348554532.00000000050B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: HTTP://HELP.BET365.COM/HOME/MAINPAGE.ASP?POPMEMBERS=5360&SCTID=8&PRD=4&LNG=1&TID=1.
Source: SetupPoker.exe, 00000000.00000003.1337919156.000000000510F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1348043288.000000000510A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: HTTP://HELP.BET365.COM/HOME/MAINPAGE.ASP?POPMEMBERS=5360&SCTID=8&PRD=4&LNG=1&TID=15
Source: SetupPoker.exe, 00000000.00000003.1166265797.0000000005FBB000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1195088513.0000000006064000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: HTTP://HELP.BET365.COM/HOME/MAINPAGE.ASP?POPMEMBERS=5360&SCTID=8&PRD=4&LNG=1&TID=1a
Source: SetupPoker.exe, 00000000.00000003.1477096688.00000000050BF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1407302354.0000000005099000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1518487884.00000000050B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: HTTP://HELP.BET365.COM/HOME/MAINPAGE.ASP?POPMEMBERS=5360&SCTID=8&PRD=4&LNG=1&TID=1c
Source: SetupPoker.exe, 00000000.00000003.1337919156.00000000050BF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1298889123.00000000050BF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1348554532.00000000050C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: HTTP://HELP.BET365.COM/HOME/MAINPAGE.ASP?POPMEMBERS=5360&SCTID=8&PRD=4&LNG=1&TID=1ct
Source: SetupPoker.exe, 00000000.00000003.1190103747.000000000509D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: HTTP://HELP.BET365.COM/HOME/MAINPAGE.ASP?POPMEMBERS=5360&SCTID=8&PRD=4&LNG=1&TID=1le=
Source: SetupPoker.exe, 00000000.00000003.1703524762.000000000509F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: HTTP://HELP.BET365.COM/HOME/MAINPAGE.ASP?POPMEMBERS=5360&SCTID=8&PRD=4&LNG=1&TID=1nd
Source: SetupPoker.exe, 00000000.00000003.1481734742.0000000000AB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: HTTP://HELP.BET365.COM/HOME/MAINPAGE.ASP?POPMEMBERS=5360&SCTID=8lay
Source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: SetupPoker.exe, 00000000.00000003.1622962938.0000000005124000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1360608826.0000000005122000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1251015133.0000000005123000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1337919156.000000000510F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1518487884.000000000511B000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1540007881.0000000005125000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainp
Source: SetupPoker.exe, 00000000.00000003.1213792050.000000000611A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage
Source: SetupPoker.exe, 00000000.00000003.1269594656.0000000006064000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp
Source: SetupPoker.exe, 00000000.00000003.1297649621.00000000060C9000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1521972869.0000000006099000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1295185122.000000000626F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360
Source: SetupPoker.exe, 00000000.00000003.1213792050.000000000611A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sct
Source: SetupPoker.exe, 00000000.00000003.1700759347.00000000051E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&p
Source: SetupPoker.exe, 00000000.00000003.1698105535.000000000510C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=
Source: SetupPoker.exe, 00000000.00000003.1440184255.00000000066B4000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1390999242.00000000051C6000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1392532156.00000000066A2000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1466796455.00000000066B4000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1292095846.000000000602B000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1742950222.00000000060A3000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1532812270.0000000006228000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1698105535.00000000050EA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1
Source: SetupPoker.exe, 00000000.00000003.1481734742.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid
Source: SetupPoker.exe, 00000000.00000003.1193702752.0000000006174000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1
Source: SetupPoker.exe, 00000000.00000003.1337919156.000000000510F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1348043288.000000000510A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1(
Source: SetupPoker.exe, 00000000.00000003.1402614507.00000000050CB000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1578571682.00000000060A1000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1496683638.000000000612D000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1360679068.00000000050CD000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1339229270.000000000619C000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1609163367.0000000004C04000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1349563072.0000000005FBC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1.
Source: SetupPoker.exe, 00000000.00000003.1166265797.0000000005FBB000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1521972869.000000000611E000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1217835040.0000000004455000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1212669059.00000000061C1000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1165452459.00000000051A5000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1683864054.000000000611E000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1252849268.00000000043BA000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1297649621.00000000060C9000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1260325059.00000000061C6000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1365625267.000000000611D000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1392875491.0000000006129000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1161782322.000000000447E000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1405857455.0000000004458000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1621156221.000000000635D000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1241553559.000000000AF28000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1543908829.000000000635C000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1360232511.00000000060E5000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1532812270.00000000061A8000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1196691826.0000000004455000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1271712315.000000000A932000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1329971338.00000000066F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1.9.6
Source: SetupPoker.exe, 00000000.00000003.1337919156.00000000050BF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1298889123.00000000050BF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1348554532.00000000050C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1:
Source: SetupPoker.exe, 00000000.00000003.1337919156.000000000510F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1348043288.000000000510A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1C
Source: SetupPoker.exe, 00000000.00000003.1477096688.00000000050BF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1407302354.0000000005099000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1I
Source: SetupPoker.exe, 00000000.00000003.1166265797.0000000005FBB000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1190979187.0000000006108000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1JQ
Source: SetupPoker.exe, 00000000.00000003.1337919156.000000000510F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1348043288.000000000510A000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1458910649.000000000510E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1RZ
Source: SetupPoker.exe, 00000000.00000003.1521972869.000000000618C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1RZU
Source: SetupPoker.exe, 00000000.00000003.1213151253.00000000050AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1ct
Source: SetupPoker.exe, 00000000.00000003.1213151253.00000000050AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1le=
Source: SetupPoker.exe, 00000000.00000003.1477096688.00000000050BF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1407302354.0000000005099000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1ll4
Source: SetupPoker.exe, 00000000.00000003.1477096688.00000000050BF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1407302354.0000000005099000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1nd
Source: SetupPoker.exe, 00000000.00000003.1166265797.0000000005FBB000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1190979187.0000000006108000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1qP:
Source: SetupPoker.exe, 00000000.00000003.1190103747.000000000509D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1t
Source: SetupPoker.exe, 00000000.00000003.1477096688.00000000050BF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1337919156.00000000050BF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1407302354.0000000005099000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1298889123.00000000050BF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1348554532.00000000050C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1te
Source: SetupPoker.exe, 00000000.00000003.1190103747.000000000509D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1vaT
Source: SetupPoker.exe, 00000000.00000003.1532149058.0000000006297000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1?
Source: SetupPoker.exe, 00000000.00000003.1521972869.00000000060C6000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1294123197.00000000061AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1D
Source: SetupPoker.exe, 00000000.00000003.1392875491.000000000618C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1HAVE
Source: SetupPoker.exe, 00000000.00000003.1165848039.0000000006210000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1N9
Source: SetupPoker.exe, 00000000.00000003.1611593972.00000000063F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1nachetAttribL0.ui
Source: SetupPoker.exe, 00000000.00000003.1698105535.00000000050EA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4.
Source: SetupPoker.exe, 00000000.00000003.1405857455.0000000004460000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1480957110.0000000004462000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360):n===
Source: SetupPoker.exe, 00000000.00000003.1409970289.0000000006084000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360ohW
Source: SetupPoker.exe, 00000000.00000003.1521972869.0000000006104000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360t
Source: SetupPoker.exe, 00000000.00000003.1215276416.0000000005FC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360ui-datepicker-group
Source: SetupPoker.exe, 00000000.00000003.1247345609.000000000B0D7000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1242698688.000000000B12F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1740534383.000000000440B000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1588994617.000000000650F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1328744745.000000000B091000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1327375458.000000000B168000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1222273109.0000000005A50000.00000004.00000800.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1161782322.000000000447E000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1572384432.000000000B0FF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1735725553.000000000B1F0000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1433754664.000000000B1E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com
Source: SetupPoker.exe, 00000000.00000003.1288634453.000000000AAD6000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1512277805.0000000004214000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1163768777.00000000041A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://localhost/playtech-assests/playtech_notifications/brands/config.brandFolder
Source: SetupPoker.exe, 00000000.00000003.1288634453.000000000AAD6000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1512277805.0000000004214000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1163768777.00000000041A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://localhost/playtech-assests/playtech_with_zips/brands/config.brandFolder
Source: SetupPoker.exe, 00000000.00000000.1128251483.000000000021E000.00000002.00000001.01000000.00000003.sdmp, SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://log.web-installer-assets.com/installer_logs
Source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: SetupPoker.exe, 00000000.00000003.1203683038.0000000006420000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1735725553.000000000B147000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://poker.bet365.com/home/en/
Source: SetupPoker.exe, 00000000.00000003.1532812270.00000000061D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://poker.bet365.com/home/en/W
Source: SetupPoker.exe, 00000000.00000003.1440184255.00000000066B4000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1329971338.000000000669F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1269670994.0000000006426000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1217463206.0000000005203000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1538413353.0000000005201000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1241553559.000000000AF28000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1271712315.000000000A932000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1683864054.00000000061D1000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1295185122.000000000626F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1193702752.0000000006174000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://poker.bet365.com/home/en/n0
Source: SetupPoker.exe, 00000000.00000003.1455550723.0000000000A3A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stats.ptinstaller.com/sta
Source: SetupPoker.exe, 00000000.00000003.1247345609.000000000B0D7000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1734471646.000000000B367000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1242698688.000000000B12F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1588994617.000000000650F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1328744745.000000000B091000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1327375458.000000000B168000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1740534383.000000000442B000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1222273109.0000000005A50000.00000004.00000800.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1387555004.0000000004210000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1673754849.000000000AADB000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1648619192.000000000503C000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1161782322.000000000447E000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1735725553.000000000B1F0000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1433754664.000000000B1E3000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1512911017.000000000AADA000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1648619192.0000000005021000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1678150128.000000000AAFD000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1210337444.0000000004203000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stats.ptinstaller.com/stats.gif
Source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stats.ptinstaller.com/stats.gif?event=100&brand=Poker
Source: SetupPoker.exe, 00000000.00000003.1614315789.00000000060CF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1196561269.0000000005FAA000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1446454182.0000000006064000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1483430393.000000000B0E2000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1347089871.00000000060BF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1442450512.00000000060C8000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1700759347.00000000051C9000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1578571682.0000000006064000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1540127876.0000000000A6E000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1626296392.0000000005F64000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1218193113.00000000051C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90
Source: SetupPoker.exe, 00000000.00000003.1576248421.00000000065AB000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1407302354.0000000005099000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stats.ptinstaller.com/stats.gif?v=2&data=zxzlbnq9mtawjmjyyw5kpvbva2vyigf0iejlddm2nszldmvudf90
Source: SetupPoker.exe, 00000000.00000003.1193702752.0000000006174000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.com
Source: SetupPoker.exe, 00000000.00000003.1471854227.0000000005FFD000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1490559578.0000000006000000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.com#
Source: SetupPoker.exe, 00000000.00000003.1734189784.0000000006581000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.com)
Source: SetupPoker.exe, 00000000.00000003.1609163367.0000000004C04000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1735725553.000000000B147000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.com.
Source: SetupPoker.exe, 00000000.00000003.1251559739.00000000060C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.com1
Source: SetupPoker.exe, 00000000.00000003.1471854227.0000000005FFD000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1490559578.0000000006000000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.com3
Source: SetupPoker.exe, 00000000.00000003.1642502208.0000000004386000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1408519751.0000000004385000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1341594024.0000000004385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.com7
Source: SetupPoker.exe, 00000000.00000003.1734189784.0000000006581000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.com9
Source: SetupPoker.exe, 00000000.00000003.1442450512.00000000060FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.com:
Source: SetupPoker.exe, 00000000.00000003.1440184255.00000000066B4000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1477096688.00000000050BF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1345242474.00000000062EE000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1331356923.00000000051A5000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1329971338.000000000669F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1362088292.0000000005049000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1480200025.0000000005198000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1699540762.0000000005201000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1595144997.00000000043E9000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1217463206.0000000005203000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1341594024.00000000043B1000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1340457919.0000000005F5D000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1542694460.0000000004F0F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1199918159.00000000060BC000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1199619061.0000000006122000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1740534383.00000000043DC000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1471129585.000000000520D000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1521972869.000000000619E000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1572384432.000000000B143000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1453896201.0000000006373000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1252849268.00000000043BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.com;
Source: SetupPoker.exe, 00000000.00000003.1215276416.000000000602C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.com?h
Source: SetupPoker.exe, 00000000.00000003.1408519751.00000000043B5000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1341594024.00000000043B1000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1353797317.00000000043BA000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1450574053.00000000043BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.comB
Source: SetupPoker.exe, 00000000.00000003.1734189784.0000000006581000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1251559739.00000000060C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.comQ
Source: SetupPoker.exe, 00000000.00000003.1442450512.00000000060FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.comR
Source: SetupPoker.exe, 00000000.00000003.1199275844.0000000005F8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.comT:
Source: SetupPoker.exe, 00000000.00000003.1166265797.0000000005FBB000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1190979187.0000000006108000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.comX
Source: SetupPoker.exe, 00000000.00000003.1215276416.000000000602C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.com_h
Source: SetupPoker.exe, 00000000.00000003.1335493226.0000000006257000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.comal
Source: SetupPoker.exe, 00000000.00000003.1408519751.00000000043B5000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1341594024.00000000043B1000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1353797317.00000000043BA000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1450574053.00000000043BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.comlo
Source: SetupPoker.exe, 00000000.00000003.1440184255.00000000066B4000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1329971338.000000000669F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1269670994.0000000006426000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1217463206.0000000005203000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1538413353.0000000005201000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1241553559.000000000AF28000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1271712315.000000000A932000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1683864054.00000000061D1000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1295185122.000000000626F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1193702752.0000000006174000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.comn0
Source: SetupPoker.exe, 00000000.00000003.1734189784.0000000006581000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.comq
Source: SetupPoker.exe, 00000000.00000003.1408519751.00000000043B5000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1341594024.00000000043B1000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1353797317.00000000043BA000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1450574053.00000000043BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.comv
Source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: SetupPoker.exe, 00000000.00000003.1455550723.0000000000A3A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d3a6p9a3vksur7.cloudfront.net/
Source: SetupPoker.exe, 00000000.00000003.1648619192.0000000005021000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1678150128.000000000AAFD000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1210337444.0000000004203000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1286318811.0000000005AC4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://d3a6p9a3vksur7.cloudfront.net/cabs/poker_bet365_com/
Source: SetupPoker.exe, 00000000.00000003.1576248421.00000000065AB000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1610049126.00000000065AB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d3a6p9a3vksur7.cloudfront.net/compressed_assets/poker_bet365_com/
Source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d3a6p9a3vksur7.cloudfront.net/compressed_assets/poker_bet365_com/index.7z
Source: SetupPoker.exe, 00000000.00000003.1161764203.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d3a6p9a3vksur7.cloudfront.net/compressed_assets/poker_bet365_com/index.7zo/
Source: SetupPoker.exe, 00000000.00000003.1648619192.0000000005021000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1678150128.000000000AAFD000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1210337444.0000000004203000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d3a6p9a3vksur7.cloudfront.net/compressed_assets/poker_bet365_com/templates/
Source: SetupPoker.exe, 00000000.00000003.1729222927.0000000005AB7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://d3a6p9a3vksur7.cloudfront.net/compressed_assets/poker_bet365_com/templates/D
Source: SetupPoker.exe, 00000000.00000003.1610049126.00000000065B9000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1365625267.000000000611D000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1266908713.00000000061A9000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1602535050.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1392532156.00000000066A2000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1617470375.0000000006025000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1276362442.0000000005ADE000.00000004.00000800.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1354899913.0000000005FB1000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1565113121.0000000005AD0000.00000004.00000800.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1299279940.00000000043CA000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1263345758.00000000062A7000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1616377803.00000000066B7000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1335299858.0000000005FA6000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1265925218.00000000066B7000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1353927748.00000000061A4000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1237390627.0000000005E03000.00000004.00000800.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1183829160.0000000005C10000.00000004.00000800.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1213792050.0000000006156000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1532812270.00000000061A8000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1659074011.0000000009A26000.00000004.00000800.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1595144997.00000000043C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d3a6p9a3vksur7.cloudfront.net/compressed_assets/poker_bet365_com/templates/installer/new.7z
Source: SetupPoker.exe, 00000000.00000003.1450574053.00000000043BD000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1479485767.00000000043BB000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1642245601.00000000043BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d3a6p9a3vksur7.cloudfront.net/compressed_assets/poker_bet365_com/templates/installer/new.7zC
Source: SetupPoker.exe, 00000000.00000003.1265237703.0000000006230000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1248039607.000000000622E000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1335493226.000000000621C000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1745496128.0000000006236000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d3a6p9a3vksur7.cloudfront.net/compressed_assets/poker_bet365_com/templates/installer/new.7zl
Source: SetupPoker.exe, 00000000.00000003.1745496128.0000000006236000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d3a6p9a3vksur7.cloudfront.net/compressed_assets/poker_bet365_com/templates/installer/new.7zu
Source: SetupPoker.exe, 00000000.00000003.1265237703.0000000006230000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1248039607.000000000622E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d3a6p9a3vksur7.cloudfront.net/compressed_assets/poker_bet365_com/templates/installer/new.7z~
Source: SetupPoker.exe, 00000000.00000003.1700759347.00000000051C9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d3a6p9a3vksur7.cloudfrontw
Source: SetupPoker.exe, 00000000.00000003.1247345609.000000000B0D7000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1734471646.000000000B367000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1242698688.000000000B12F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1588994617.000000000650F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1328744745.000000000B091000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000000.1128251483.000000000021E000.00000002.00000001.01000000.00000003.sdmp, SetupPoker.exe, 00000000.00000003.1327375458.000000000B168000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1740534383.000000000442B000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1222273109.0000000005A50000.00000004.00000800.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1387555004.0000000004210000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1673754849.000000000AADB000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1648619192.000000000503C000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1161782322.000000000447E000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1735725553.000000000B1F0000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1433754664.000000000B1E3000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1512911017.000000000AADA000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1648619192.0000000005021000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1678150128.000000000AAFD000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1210337444.0000000004203000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dl-com.p365play.com/download/poker/client_update_urls.php
Source: SetupPoker.exe, 00000000.00000003.1599443576.00000000051C8000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1463944166.00000000060C7000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1576248421.000000000658F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1462128666.0000000004C0C000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1340908766.00000000065F4000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1492834099.00000000066F0000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1251559739.00000000060C4000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1194844392.0000000005FC8000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1328744745.000000000B091000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1246215557.00000000065DD000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1612066844.000000000672B000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1609163367.0000000004C0F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1254269839.0000000004399000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1440184255.00000000066B4000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1450574053.0000000004391000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1329971338.000000000669F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1269321873.00000000065F4000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1290970800.00000000065BF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1732076953.0000000000B9F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1215276416.0000000005FB9000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1740534383.00000000043CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jquery/jquery-ui
Source: SetupPoker.exe, 00000000.00000003.1361142880.00000000062D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: SetupPoker.exe, 00000000.00000003.1521972869.0000000006111000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1190979187.0000000006108000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf
Source: SetupPoker.exe, 00000000.00000003.1462486583.000000000633B000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1340279904.000000000633F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1479726702.0000000006344000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2m
Source: SetupPoker.exe, 00000000.00000003.1392875491.000000000618C000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1201822631.00000000061A4000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1486934205.00000000061A9000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1266908713.00000000061A9000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1353927748.00000000061A4000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1213792050.0000000006156000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1532812270.00000000061A8000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1260626458.00000000061A3000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1294123197.0000000006190000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1493512647.00000000061A9000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1339229270.000000000619C000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1193702752.0000000006174000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: SetupPoker.exe, 00000000.00000003.1191930955.0000000006301000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srfC:
Source: SetupPoker.exe, 00000000.00000003.1462486583.000000000633B000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1360389090.000000000633C000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1270430219.000000000633B000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1640862235.000000000633B000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1480720293.000000000633B000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1345242474.000000000633B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 52.85.39.184:443 -> 192.168.2.16:49698 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.85.39.184:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.85.39.184:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.85.39.184:443 -> 192.168.2.16:49833 version: TLS 1.2

Spam, unwanted Advertisements and Ransom Demands

Writes many files with high entropy

Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (12).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (13).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (14).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (15).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (16).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (17).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (18).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (19).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (20).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (21).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (22).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (23).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (24).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (25).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (26).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\index[1].7z entropy: 7.9994060033	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\index.7z entropy: 7.9994060033	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\33CUD2J1\index[1].7z entropy: 7.9994060033	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new.7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (27).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (28).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (29).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (30).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (31).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (32).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (33).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (34).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\new[1].7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (35).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (1).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (36).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\90SNK17T\index[1].7z entropy: 7.9994060033	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (37).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (38).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (39).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (40).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (2).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (41).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\90SNK17T\new[1].7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (42).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (3).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (43).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (4).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (44).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (5).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (6).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (7).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (8).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (9).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (10).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (11).7z entropy: 7.99335034694	Jump to dropped file

Sample file is different than original file name gathered from version info

Source: SetupPoker.exe, 00000000.00000000.1128251483.000000000021E000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameinstaller.exe@ vs SetupPoker.exe
Source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameinstaller.exe@ vs SetupPoker.exe

Uses 32bit PE files

Source: SetupPoker.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: sus39.rans.winEXE@1/70@2/2

Source: C:\Users\user\Desktop\SetupPoker.exe

File created: C:\Program Files (x86)\tempo_41

Jump to behavior

Source: C:\Users\user\Desktop\SetupPoker.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\stats[1].gif

Jump to behavior

Source: C:\Users\user\Desktop\SetupPoker.exe

File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\

Jump to behavior

Source: SetupPoker.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SetupPoker.exe

File read: C:\Program Files (x86)\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SetupPoker.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SetupPoker.exe

Virustotal: Detection: 7%

Source: C:\Users\user\Desktop\SetupPoker.exe

File read: C:\Users\user\Desktop\SetupPoker.exe

Jump to behavior

Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: msiso.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: mshtml.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: jscript9.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: msimtf.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: d2d1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: profext.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: uiautomationcore.dll	Jump to behavior

Source: C:\Users\user\Desktop\SetupPoker.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: SetupPoker.exe

Static PE information: certificate valid

Source: SetupPoker.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SetupPoker.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SetupPoker.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SetupPoker.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SetupPoker.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SetupPoker.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: SetupPoker.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: SetupPoker.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Binary string: C:\repo\web-installer-new\WebInstaller\Release\WebInstaller.pdb source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp

Source: SetupPoker.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SetupPoker.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SetupPoker.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SetupPoker.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SetupPoker.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\SetupPoker.exe

File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\WebInstaller_7012.log

Jump to behavior

Source: C:\Users\user\Desktop\SetupPoker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 4800000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 4E10000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5390000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 53B0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 4300000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 53D0000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5800000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5A50000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5C30000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5CD0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5D70000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5DB0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5E30000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5EB0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5920000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5940000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5980000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 59E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5ED0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5EF0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5F10000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5F30000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 53F0000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 6750000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5410000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 9950000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 9970000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 9990000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 99B0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5B70000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5BF0000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 54C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: A6A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: A6C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: A6E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: A700000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: A720000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: A7C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: A7F0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: ACA0000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5520000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: A7C0000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: A810000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: A7C0000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: A950000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: A640000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: A740000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5B20000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5A50000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: A740000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: A980000 memory commit \| memory reserve \| memory write watch

Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior

Source: C:\Users\user\Desktop\SetupPoker.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File opened: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File opened: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\index.html	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Source: SetupPoker.exe, 00000000.00000003.1455550723.0000000000A95000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: SetupPoker.exe, 00000000.00000003.1455550723.0000000000A3A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWndow Class

Source: C:\Users\user\Desktop\SetupPoker.exe

Process information queried: ProcessInformation

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\SetupPoker.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior

Shows file infection / information gathering behavior (enumerates multiple directory for files)

Source: C:\Users\user\Desktop\SetupPoker.exe

Directory queried: number of queries: 1001

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
52.213.137.28	stats.ptinstaller.com	United States		16509	AMAZON-02US	false
52.85.39.184	d3a6p9a3vksur7.cloudfront.net	United States		16509	AMAZON-02US	false

Contacted Domains

Name	IP	Active
stats.ptinstaller.com	52.213.137.28	true
d3a6p9a3vksur7.cloudfront.net	52.85.39.184	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYxMzIyOCZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT02OQ%3D%3D	false	Avira URL Cloud: safe	unknown
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYyODkzNCZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT04NA%3D%3D	false	Avira URL Cloud: safe	unknown
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYzMDQ5NyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT04Ng%3D%3D	false	Avira URL Cloud: safe	unknown
https://d3a6p9a3vksur7.cloudfront.net/compressed_assets/poker_bet365_com/index.7z	false		high
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY1NTU1NCZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMTE%3D	false	Avira URL Cloud: safe	unknown
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjU0ODc2OCZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT00	false	Avira URL Cloud: safe	unknown
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYzMjA1OSZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT04OA%3D%3D	false	Avira URL Cloud: safe	unknown
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY0NDU2NiZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMDA%3D	false	Avira URL Cloud: safe	unknown
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY0OTI5MyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMDU%3D	false	Avira URL Cloud: safe	unknown
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYxMTE1NSZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT02Nw%3D%3D	false	Avira URL Cloud: safe	unknown
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYzMzYwNyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT04OQ%3D%3D	false	Avira URL Cloud: safe	unknown
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYyNDIyMiZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT04MA%3D%3D	false	Avira URL Cloud: safe	unknown
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYyMjY0NyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT03OA%3D%3D	false	Avira URL Cloud: safe	unknown
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY1MjQwNCZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMDg%3D	false	Avira URL Cloud: safe	unknown
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY1MDg1NyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMDY%3D	false	Avira URL Cloud: safe	unknown
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYxOTUwNyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT03NQ%3D%3D	false	Avira URL Cloud: safe	unknown
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY2OTc0NCZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMjU%3D	false	Avira URL Cloud: safe	unknown
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYzOTg2OCZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT05NQ%3D%3D	false	Avira URL Cloud: safe	unknown
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYxNjM3OSZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT03Mg%3D%3D	false	Avira URL Cloud: safe	unknown
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY0MzAwNyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT05OA%3D%3D	false	Avira URL Cloud: safe	unknown
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYyNTc5MyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT04MQ%3D%3D	false	Avira URL Cloud: safe	unknown
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY2MDI5OSZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMTY%3D	false	Avira URL Cloud: safe	unknown
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY2ODE4MSZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMjQ%3D	false	Avira URL Cloud: safe	unknown
https://d3a6p9a3vksur7.cloudfront.net/compressed_assets/poker_bet365_com/templates/installer/new.7z	false		high
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjU1MzkxMyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT05	false	Avira URL Cloud: safe	unknown
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjU2MjYxNiZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xOA%3D%3D	false	Avira URL Cloud: safe	unknown
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYwNjY0MiZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT02Mg%3D%3D	false	Avira URL Cloud: safe	unknown
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY2MTg4MSZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMTc%3D	false	Avira URL Cloud: safe	unknown
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjU4Njg0OSZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT00Mg%3D%3D	false	Avira URL Cloud: safe	unknown
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY1Mzk4NyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMDk%3D	false	Avira URL Cloud: safe	unknown
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY2NjU1MyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMjI%3D	false	Avira URL Cloud: safe	unknown
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYxNzk0MSZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT03Mw%3D%3D	false	Avira URL Cloud: safe	unknown
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY2MzQ0NyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMTk%3D	false	Avira URL Cloud: safe	unknown
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjU3MzE2MSZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0yOQ%3D%3D	false	Avira URL Cloud: safe	unknown
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY2NTAwOCZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMjA%3D	false	Avira URL Cloud: safe	unknown
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYxNDgzMyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT03MA%3D%3D	false	Avira URL Cloud: safe	unknown
http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYyMTA4NCZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT03Nw%3D%3D	false	Avira URL Cloud: safe	unknown

AV Detection

Multi AV Scanner detection for submitted file

Source: SetupPoker.exe

Virustotal: Detection: 7%

Perma Link

Uses 32bit PE files

Source: SetupPoker.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\SetupPoker.exe

File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\WebInstaller_7012.log

Jump to behavior

Source: SetupPoker.exe

Static PE information: certificate valid

Source: unknown	HTTPS traffic detected: 52.85.39.184:443 -> 192.168.2.16:49698 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.85.39.184:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.85.39.184:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.85.39.184:443 -> 192.168.2.16:49833 version: TLS 1.2

Source: SetupPoker.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:

Binary string: C:\repo\web-installer-new\WebInstaller\Release\WebInstaller.pdb source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp

Shows file infection / information gathering behavior (enumerates multiple directory for files)

Source: C:\Users\user\Desktop\SetupPoker.exe

Directory queried: number of queries: 1001

Source: C:\Users\user\Desktop\SetupPoker.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File opened: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File opened: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\index.html	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/templates/installer/new.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /compressed_assets/poker_bet365_com/index.7z HTTP/1.1Accept: /User-Agent: WinClientHost: d3a6p9a3vksur7.cloudfront.netConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWluc3RhbGxlcl9pbml0Jm9zPSg5MjAwKV82NGJpdCZvc19sYW5nPTIwNTcmaWVfdmVyPTExLjc4OS4xOTA0MS4wJnByb2Nlc3NfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImdmVyaWZpZXI9YzBjMThlYWI0ZmI3ZWQ5NmJkMzM3ZGM2YmRmMGNmOTkmdXNlcl9pZD1DNDlGQkU2QjQ1MTc0OEE1QjM2RDFDMzJDQzI5RENCQiZpbnN0YWxsZXJfdmVyPTEuMS4xLjM2JnRpbWVzdGFtcD0xNzEzOTY2NTQ0NDM5JmFkbWludXNlcj0xJnN0YXJ0dGltZT0xNzEzOTY2NTQ0JmxpZmV0aW1lPTA%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjU0ODc2OCZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT00 HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjU1MzkxMyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT05 HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjU2MjYxNiZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xOA%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjU3MzE2MSZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0yOQ%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjU4Njg0OSZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT00Mg%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYwMzE0MiZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT01OQ%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYwNjY0MiZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT02Mg%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYwODc5OSZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT02NA%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYxMTE1NSZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT02Nw%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYxMzIyOCZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT02OQ%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYxNDgzMyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT03MA%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYxNjM3OSZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT03Mg%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYxNzk0MSZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT03Mw%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYxOTUwNyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT03NQ%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYyMTA4NCZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT03Nw%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYyMjY0NyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT03OA%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYyNDIyMiZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT04MA%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYyNTc5MyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT04MQ%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYyNzM1MiZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT04Mw%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYyODkzNCZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT04NA%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYzMDQ5NyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT04Ng%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYzMjA1OSZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT04OA%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYzMzYwNyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT04OQ%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYzNTIwNiZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT05MQ%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYzNjc1NSZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT05Mg%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYzODMwMyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT05NA%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjYzOTg2OCZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT05NQ%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY0MTQ0MCZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT05Nw%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY0MzAwNyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT05OA%3D%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY0NDU2NiZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMDA%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY0NjE0NiZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMDI%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY0NzcxMyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMDM%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY0OTI5MyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMDU%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY1MDg1NyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMDY%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY1MjQwNCZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMDg%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY1Mzk4NyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMDk%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY1NTU1NCZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMTE%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY1NzE1NSZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMTM%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY1ODcyMCZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMTQ%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY2MDI5OSZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMTY%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY2MTg4MSZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMTc%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY2MzQ0NyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMTk%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY2NTAwOCZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMjA%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY2NjU1MyZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMjI%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY2ODE4MSZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMjQ%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90eXBlPWVycm9yJmVycm9yX3RleHQ9aW5zdGFsbGVyX21haW5fdGltZW91dCZvcz0oOTIwMClfNjRiaXQmb3NfbGFuZz0yMDU3JmllX3Zlcj0xMS43ODkuMTkwNDEuMCZwcm9jZXNzX2lkPUM0OUZCRTZCNDUxNzQ4QTVCMzZEMUMzMkNDMjlEQ0JCJnZlcmlmaWVyPWMwYzE4ZWFiNGZiN2VkOTZiZDMzN2RjNmJkZjBjZjk5JnVzZXJfaWQ9QzQ5RkJFNkI0NTE3NDhBNUIzNkQxQzMyQ0MyOURDQkImaW5zdGFsbGVyX3Zlcj0xLjEuMS4zNiZ0aW1lc3RhbXA9MTcxMzk2NjY2OTc0NCZhZG1pbnVzZXI9MSZzdGFydHRpbWU9MTcxMzk2NjU0NCZsaWZldGltZT0xMjU%3D HTTP/1.1Accept: /User-Agent: WinClientHost: stats.ptinstaller.comConnection: Keep-AliveCache-Control: no-cache

Source: global traffic	DNS traffic detected: DNS query: stats.ptinstaller.com
Source: global traffic	DNS traffic detected: DNS query: d3a6p9a3vksur7.cloudfront.net

Source: SetupPoker.exe, 00000000.00000003.1406630300.0000000004F24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: HTTP://HELP.BET
Source: SetupPoker.exe, 00000000.00000003.1191930955.000000000638D000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1248039607.00000000061D1000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1161782322.000000000447E000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1333495568.0000000006084000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1442450512.0000000006150000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1268648812.000000000621C000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1521972869.0000000006099000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1578571682.0000000006156000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1521972869.0000000006148000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1241553559.000000000AF28000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1271712315.000000000A932000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1335493226.000000000621C000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1248039607.000000000621C000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1268165536.00000000061D2000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1216617589.0000000006391000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1683864054.000000000614D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: HTTP://HELP.BET365.COM/HOME/MAINPAGE.ASP?POPMEMBERS=5360&SCTID=8&PRD=4
Source: SetupPoker.exe, 00000000.00000003.1190103747.00000000050F6000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1258601555.0000000006064000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1300859702.0000000004B29000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1348554532.00000000050C4000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1626296392.0000000005F64000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1402614507.00000000050CB000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1578571682.00000000060A1000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1360679068.00000000050CD000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1218193113.00000000051C6000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1193702752.0000000006174000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: HTTP://HELP.BET365.COM/HOME/MAINPAGE.ASP?POPMEMBERS=5360&SCTID=8&PRD=4&LNG=1&TID=1
Source: SetupPoker.exe, 00000000.00000003.1224191324.000000000ADD4000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1595144997.00000000043E9000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1248039607.0000000006183000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1740534383.00000000043DC000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1167158636.00000000061BB000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1165848039.0000000006210000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1161782322.000000000447E000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1245174803.0000000006717000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1392875491.00000000060D8000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1532812270.000000000624E000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1264527458.0000000006183000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1701611389.00000000043DC000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1255503353.00000000063F6000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1213792050.0000000006156000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1271712315.000000000A932000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1329971338.00000000066F8000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1578571682.0000000005FE7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: HTTP://HELP.BET365.COM/HOME/MAINPAGE.ASP?POPMEMBERS=5360&SCTID=8&PRD=4&LNG=1&TID=1)
Source: SetupPoker.exe, 00000000.00000003.1329971338.000000000669F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1362088292.0000000005049000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1331356923.00000000051AC000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1198655475.00000000062CE000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1299279940.00000000043F3000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1595144997.00000000043E9000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1217463206.0000000005203000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1735725553.000000000B1C7000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1337919156.00000000050BF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1542694460.0000000004F0F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1296337097.000000000632F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1683864054.000000000611E000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1215276416.0000000005FB9000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1572384432.000000000B143000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1453896201.0000000006373000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1299279940.0000000004407000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1346696740.00000000065BF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1350633613.000000000638D000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1291770213.0000000005202000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1447884721.00000000061D1000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1348554532.00000000050B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: HTTP://HELP.BET365.COM/HOME/MAINPAGE.ASP?POPMEMBERS=5360&SCTID=8&PRD=4&LNG=1&TID=1.
Source: SetupPoker.exe, 00000000.00000003.1337919156.000000000510F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1348043288.000000000510A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: HTTP://HELP.BET365.COM/HOME/MAINPAGE.ASP?POPMEMBERS=5360&SCTID=8&PRD=4&LNG=1&TID=15
Source: SetupPoker.exe, 00000000.00000003.1166265797.0000000005FBB000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1195088513.0000000006064000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: HTTP://HELP.BET365.COM/HOME/MAINPAGE.ASP?POPMEMBERS=5360&SCTID=8&PRD=4&LNG=1&TID=1a
Source: SetupPoker.exe, 00000000.00000003.1477096688.00000000050BF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1407302354.0000000005099000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1518487884.00000000050B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: HTTP://HELP.BET365.COM/HOME/MAINPAGE.ASP?POPMEMBERS=5360&SCTID=8&PRD=4&LNG=1&TID=1c
Source: SetupPoker.exe, 00000000.00000003.1337919156.00000000050BF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1298889123.00000000050BF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1348554532.00000000050C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: HTTP://HELP.BET365.COM/HOME/MAINPAGE.ASP?POPMEMBERS=5360&SCTID=8&PRD=4&LNG=1&TID=1ct
Source: SetupPoker.exe, 00000000.00000003.1190103747.000000000509D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: HTTP://HELP.BET365.COM/HOME/MAINPAGE.ASP?POPMEMBERS=5360&SCTID=8&PRD=4&LNG=1&TID=1le=
Source: SetupPoker.exe, 00000000.00000003.1703524762.000000000509F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: HTTP://HELP.BET365.COM/HOME/MAINPAGE.ASP?POPMEMBERS=5360&SCTID=8&PRD=4&LNG=1&TID=1nd
Source: SetupPoker.exe, 00000000.00000003.1481734742.0000000000AB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: HTTP://HELP.BET365.COM/HOME/MAINPAGE.ASP?POPMEMBERS=5360&SCTID=8lay
Source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: SetupPoker.exe, 00000000.00000003.1622962938.0000000005124000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1360608826.0000000005122000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1251015133.0000000005123000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1337919156.000000000510F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1518487884.000000000511B000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1540007881.0000000005125000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainp
Source: SetupPoker.exe, 00000000.00000003.1213792050.000000000611A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage
Source: SetupPoker.exe, 00000000.00000003.1269594656.0000000006064000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp
Source: SetupPoker.exe, 00000000.00000003.1297649621.00000000060C9000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1521972869.0000000006099000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1295185122.000000000626F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360
Source: SetupPoker.exe, 00000000.00000003.1213792050.000000000611A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sct
Source: SetupPoker.exe, 00000000.00000003.1700759347.00000000051E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&p
Source: SetupPoker.exe, 00000000.00000003.1698105535.000000000510C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=
Source: SetupPoker.exe, 00000000.00000003.1440184255.00000000066B4000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1390999242.00000000051C6000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1392532156.00000000066A2000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1466796455.00000000066B4000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1292095846.000000000602B000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1742950222.00000000060A3000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1532812270.0000000006228000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1698105535.00000000050EA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1
Source: SetupPoker.exe, 00000000.00000003.1481734742.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid
Source: SetupPoker.exe, 00000000.00000003.1193702752.0000000006174000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1
Source: SetupPoker.exe, 00000000.00000003.1337919156.000000000510F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1348043288.000000000510A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1(
Source: SetupPoker.exe, 00000000.00000003.1402614507.00000000050CB000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1578571682.00000000060A1000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1496683638.000000000612D000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1360679068.00000000050CD000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1339229270.000000000619C000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1609163367.0000000004C04000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1349563072.0000000005FBC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1.
Source: SetupPoker.exe, 00000000.00000003.1166265797.0000000005FBB000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1521972869.000000000611E000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1217835040.0000000004455000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1212669059.00000000061C1000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1165452459.00000000051A5000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1683864054.000000000611E000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1252849268.00000000043BA000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1297649621.00000000060C9000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1260325059.00000000061C6000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1365625267.000000000611D000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1392875491.0000000006129000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1161782322.000000000447E000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1405857455.0000000004458000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1621156221.000000000635D000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1241553559.000000000AF28000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1543908829.000000000635C000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1360232511.00000000060E5000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1532812270.00000000061A8000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1196691826.0000000004455000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1271712315.000000000A932000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1329971338.00000000066F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1.9.6
Source: SetupPoker.exe, 00000000.00000003.1337919156.00000000050BF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1298889123.00000000050BF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1348554532.00000000050C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1:
Source: SetupPoker.exe, 00000000.00000003.1337919156.000000000510F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1348043288.000000000510A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1C
Source: SetupPoker.exe, 00000000.00000003.1477096688.00000000050BF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1407302354.0000000005099000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1I
Source: SetupPoker.exe, 00000000.00000003.1166265797.0000000005FBB000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1190979187.0000000006108000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1JQ
Source: SetupPoker.exe, 00000000.00000003.1337919156.000000000510F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1348043288.000000000510A000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1458910649.000000000510E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1RZ
Source: SetupPoker.exe, 00000000.00000003.1521972869.000000000618C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1RZU
Source: SetupPoker.exe, 00000000.00000003.1213151253.00000000050AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1ct
Source: SetupPoker.exe, 00000000.00000003.1213151253.00000000050AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1le=
Source: SetupPoker.exe, 00000000.00000003.1477096688.00000000050BF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1407302354.0000000005099000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1ll4
Source: SetupPoker.exe, 00000000.00000003.1477096688.00000000050BF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1407302354.0000000005099000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1nd
Source: SetupPoker.exe, 00000000.00000003.1166265797.0000000005FBB000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1190979187.0000000006108000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1qP:
Source: SetupPoker.exe, 00000000.00000003.1190103747.000000000509D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1t
Source: SetupPoker.exe, 00000000.00000003.1477096688.00000000050BF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1337919156.00000000050BF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1407302354.0000000005099000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1298889123.00000000050BF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1348554532.00000000050C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1te
Source: SetupPoker.exe, 00000000.00000003.1190103747.000000000509D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1&tid=1vaT
Source: SetupPoker.exe, 00000000.00000003.1532149058.0000000006297000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1?
Source: SetupPoker.exe, 00000000.00000003.1521972869.00000000060C6000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1294123197.00000000061AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1D
Source: SetupPoker.exe, 00000000.00000003.1392875491.000000000618C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1HAVE
Source: SetupPoker.exe, 00000000.00000003.1165848039.0000000006210000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1N9
Source: SetupPoker.exe, 00000000.00000003.1611593972.00000000063F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4&lng=1nachetAttribL0.ui
Source: SetupPoker.exe, 00000000.00000003.1698105535.00000000050EA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360&sctid=8&prd=4.
Source: SetupPoker.exe, 00000000.00000003.1405857455.0000000004460000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1480957110.0000000004462000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360):n===
Source: SetupPoker.exe, 00000000.00000003.1409970289.0000000006084000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360ohW
Source: SetupPoker.exe, 00000000.00000003.1521972869.0000000006104000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360t
Source: SetupPoker.exe, 00000000.00000003.1215276416.0000000005FC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://help.bet365.com/home/mainpage.asp?popmembers=5360ui-datepicker-group
Source: SetupPoker.exe, 00000000.00000003.1247345609.000000000B0D7000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1242698688.000000000B12F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1740534383.000000000440B000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1588994617.000000000650F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1328744745.000000000B091000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1327375458.000000000B168000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1222273109.0000000005A50000.00000004.00000800.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1161782322.000000000447E000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1572384432.000000000B0FF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1735725553.000000000B1F0000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1433754664.000000000B1E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jqueryui.com
Source: SetupPoker.exe, 00000000.00000003.1288634453.000000000AAD6000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1512277805.0000000004214000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1163768777.00000000041A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://localhost/playtech-assests/playtech_notifications/brands/config.brandFolder
Source: SetupPoker.exe, 00000000.00000003.1288634453.000000000AAD6000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1512277805.0000000004214000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1163768777.00000000041A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://localhost/playtech-assests/playtech_with_zips/brands/config.brandFolder
Source: SetupPoker.exe, 00000000.00000000.1128251483.000000000021E000.00000002.00000001.01000000.00000003.sdmp, SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://log.web-installer-assets.com/installer_logs
Source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: SetupPoker.exe, 00000000.00000003.1203683038.0000000006420000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1735725553.000000000B147000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://poker.bet365.com/home/en/
Source: SetupPoker.exe, 00000000.00000003.1532812270.00000000061D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://poker.bet365.com/home/en/W
Source: SetupPoker.exe, 00000000.00000003.1440184255.00000000066B4000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1329971338.000000000669F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1269670994.0000000006426000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1217463206.0000000005203000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1538413353.0000000005201000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1241553559.000000000AF28000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1271712315.000000000A932000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1683864054.00000000061D1000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1295185122.000000000626F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1193702752.0000000006174000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://poker.bet365.com/home/en/n0
Source: SetupPoker.exe, 00000000.00000003.1455550723.0000000000A3A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stats.ptinstaller.com/sta
Source: SetupPoker.exe, 00000000.00000003.1247345609.000000000B0D7000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1734471646.000000000B367000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1242698688.000000000B12F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1588994617.000000000650F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1328744745.000000000B091000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1327375458.000000000B168000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1740534383.000000000442B000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1222273109.0000000005A50000.00000004.00000800.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1387555004.0000000004210000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1673754849.000000000AADB000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1648619192.000000000503C000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1161782322.000000000447E000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1735725553.000000000B1F0000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1433754664.000000000B1E3000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1512911017.000000000AADA000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1648619192.0000000005021000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1678150128.000000000AAFD000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1210337444.0000000004203000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stats.ptinstaller.com/stats.gif
Source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stats.ptinstaller.com/stats.gif?event=100&brand=Poker
Source: SetupPoker.exe, 00000000.00000003.1614315789.00000000060CF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1196561269.0000000005FAA000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1446454182.0000000006064000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1483430393.000000000B0E2000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1347089871.00000000060BF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1442450512.00000000060C8000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1700759347.00000000051C9000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1578571682.0000000006064000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1540127876.0000000000A6E000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1626296392.0000000005F64000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1218193113.00000000051C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stats.ptinstaller.com/stats.gif?v=2&data=ZXZlbnQ9MTAwJmJyYW5kPVBva2VyIGF0IEJldDM2NSZldmVudF90
Source: SetupPoker.exe, 00000000.00000003.1576248421.00000000065AB000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1407302354.0000000005099000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stats.ptinstaller.com/stats.gif?v=2&data=zxzlbnq9mtawjmjyyw5kpvbva2vyigf0iejlddm2nszldmvudf90
Source: SetupPoker.exe, 00000000.00000003.1193702752.0000000006174000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.com
Source: SetupPoker.exe, 00000000.00000003.1471854227.0000000005FFD000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1490559578.0000000006000000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.com#
Source: SetupPoker.exe, 00000000.00000003.1734189784.0000000006581000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.com)
Source: SetupPoker.exe, 00000000.00000003.1609163367.0000000004C04000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1735725553.000000000B147000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.com.
Source: SetupPoker.exe, 00000000.00000003.1251559739.00000000060C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.com1
Source: SetupPoker.exe, 00000000.00000003.1471854227.0000000005FFD000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1490559578.0000000006000000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.com3
Source: SetupPoker.exe, 00000000.00000003.1642502208.0000000004386000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1408519751.0000000004385000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1341594024.0000000004385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.com7
Source: SetupPoker.exe, 00000000.00000003.1734189784.0000000006581000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.com9
Source: SetupPoker.exe, 00000000.00000003.1442450512.00000000060FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.com:
Source: SetupPoker.exe, 00000000.00000003.1440184255.00000000066B4000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1477096688.00000000050BF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1345242474.00000000062EE000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1331356923.00000000051A5000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1329971338.000000000669F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1362088292.0000000005049000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1480200025.0000000005198000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1699540762.0000000005201000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1595144997.00000000043E9000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1217463206.0000000005203000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1341594024.00000000043B1000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1340457919.0000000005F5D000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1542694460.0000000004F0F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1199918159.00000000060BC000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1199619061.0000000006122000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1740534383.00000000043DC000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1471129585.000000000520D000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1521972869.000000000619E000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1572384432.000000000B143000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1453896201.0000000006373000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1252849268.00000000043BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.com;
Source: SetupPoker.exe, 00000000.00000003.1215276416.000000000602C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.com?h
Source: SetupPoker.exe, 00000000.00000003.1408519751.00000000043B5000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1341594024.00000000043B1000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1353797317.00000000043BA000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1450574053.00000000043BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.comB
Source: SetupPoker.exe, 00000000.00000003.1734189784.0000000006581000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1251559739.00000000060C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.comQ
Source: SetupPoker.exe, 00000000.00000003.1442450512.00000000060FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.comR
Source: SetupPoker.exe, 00000000.00000003.1199275844.0000000005F8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.comT:
Source: SetupPoker.exe, 00000000.00000003.1166265797.0000000005FBB000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1190979187.0000000006108000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.comX
Source: SetupPoker.exe, 00000000.00000003.1215276416.000000000602C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.com_h
Source: SetupPoker.exe, 00000000.00000003.1335493226.0000000006257000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.comal
Source: SetupPoker.exe, 00000000.00000003.1408519751.00000000043B5000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1341594024.00000000043B1000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1353797317.00000000043BA000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1450574053.00000000043BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.comlo
Source: SetupPoker.exe, 00000000.00000003.1440184255.00000000066B4000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1329971338.000000000669F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1269670994.0000000006426000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1217463206.0000000005203000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1538413353.0000000005201000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1241553559.000000000AF28000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1271712315.000000000A932000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1683864054.00000000061D1000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1295185122.000000000626F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1193702752.0000000006174000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.comn0
Source: SetupPoker.exe, 00000000.00000003.1734189784.0000000006581000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.comq
Source: SetupPoker.exe, 00000000.00000003.1408519751.00000000043B5000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1341594024.00000000043B1000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1353797317.00000000043BA000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1450574053.00000000043BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bet365.comv
Source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: SetupPoker.exe, 00000000.00000003.1455550723.0000000000A3A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d3a6p9a3vksur7.cloudfront.net/
Source: SetupPoker.exe, 00000000.00000003.1648619192.0000000005021000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1678150128.000000000AAFD000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1210337444.0000000004203000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1286318811.0000000005AC4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://d3a6p9a3vksur7.cloudfront.net/cabs/poker_bet365_com/
Source: SetupPoker.exe, 00000000.00000003.1576248421.00000000065AB000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1610049126.00000000065AB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d3a6p9a3vksur7.cloudfront.net/compressed_assets/poker_bet365_com/
Source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d3a6p9a3vksur7.cloudfront.net/compressed_assets/poker_bet365_com/index.7z
Source: SetupPoker.exe, 00000000.00000003.1161764203.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d3a6p9a3vksur7.cloudfront.net/compressed_assets/poker_bet365_com/index.7zo/
Source: SetupPoker.exe, 00000000.00000003.1648619192.0000000005021000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1678150128.000000000AAFD000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1210337444.0000000004203000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d3a6p9a3vksur7.cloudfront.net/compressed_assets/poker_bet365_com/templates/
Source: SetupPoker.exe, 00000000.00000003.1729222927.0000000005AB7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://d3a6p9a3vksur7.cloudfront.net/compressed_assets/poker_bet365_com/templates/D
Source: SetupPoker.exe, 00000000.00000003.1610049126.00000000065B9000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1365625267.000000000611D000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1266908713.00000000061A9000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1602535050.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1392532156.00000000066A2000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1617470375.0000000006025000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1276362442.0000000005ADE000.00000004.00000800.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1354899913.0000000005FB1000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1565113121.0000000005AD0000.00000004.00000800.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1299279940.00000000043CA000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1263345758.00000000062A7000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1616377803.00000000066B7000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1335299858.0000000005FA6000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1265925218.00000000066B7000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1353927748.00000000061A4000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1237390627.0000000005E03000.00000004.00000800.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1183829160.0000000005C10000.00000004.00000800.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1213792050.0000000006156000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1532812270.00000000061A8000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1659074011.0000000009A26000.00000004.00000800.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1595144997.00000000043C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d3a6p9a3vksur7.cloudfront.net/compressed_assets/poker_bet365_com/templates/installer/new.7z
Source: SetupPoker.exe, 00000000.00000003.1450574053.00000000043BD000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1479485767.00000000043BB000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1642245601.00000000043BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d3a6p9a3vksur7.cloudfront.net/compressed_assets/poker_bet365_com/templates/installer/new.7zC
Source: SetupPoker.exe, 00000000.00000003.1265237703.0000000006230000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1248039607.000000000622E000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1335493226.000000000621C000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1745496128.0000000006236000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d3a6p9a3vksur7.cloudfront.net/compressed_assets/poker_bet365_com/templates/installer/new.7zl
Source: SetupPoker.exe, 00000000.00000003.1745496128.0000000006236000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d3a6p9a3vksur7.cloudfront.net/compressed_assets/poker_bet365_com/templates/installer/new.7zu
Source: SetupPoker.exe, 00000000.00000003.1265237703.0000000006230000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1248039607.000000000622E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d3a6p9a3vksur7.cloudfront.net/compressed_assets/poker_bet365_com/templates/installer/new.7z~
Source: SetupPoker.exe, 00000000.00000003.1700759347.00000000051C9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d3a6p9a3vksur7.cloudfrontw
Source: SetupPoker.exe, 00000000.00000003.1247345609.000000000B0D7000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1734471646.000000000B367000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1242698688.000000000B12F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1588994617.000000000650F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1328744745.000000000B091000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000000.1128251483.000000000021E000.00000002.00000001.01000000.00000003.sdmp, SetupPoker.exe, 00000000.00000003.1327375458.000000000B168000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1740534383.000000000442B000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1222273109.0000000005A50000.00000004.00000800.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1387555004.0000000004210000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1673754849.000000000AADB000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1648619192.000000000503C000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1161782322.000000000447E000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1735725553.000000000B1F0000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1433754664.000000000B1E3000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1512911017.000000000AADA000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1648619192.0000000005021000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1678150128.000000000AAFD000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1210337444.0000000004203000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dl-com.p365play.com/download/poker/client_update_urls.php
Source: SetupPoker.exe, 00000000.00000003.1599443576.00000000051C8000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1463944166.00000000060C7000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1576248421.000000000658F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1462128666.0000000004C0C000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1340908766.00000000065F4000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1492834099.00000000066F0000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1251559739.00000000060C4000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1194844392.0000000005FC8000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1328744745.000000000B091000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1246215557.00000000065DD000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1612066844.000000000672B000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1609163367.0000000004C0F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1254269839.0000000004399000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1440184255.00000000066B4000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1450574053.0000000004391000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1329971338.000000000669F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1269321873.00000000065F4000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1290970800.00000000065BF000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1732076953.0000000000B9F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1215276416.0000000005FB9000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1740534383.00000000043CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jquery/jquery-ui
Source: SetupPoker.exe, 00000000.00000003.1361142880.00000000062D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: SetupPoker.exe, 00000000.00000003.1521972869.0000000006111000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1190979187.0000000006108000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf
Source: SetupPoker.exe, 00000000.00000003.1462486583.000000000633B000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1340279904.000000000633F000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1479726702.0000000006344000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2m
Source: SetupPoker.exe, 00000000.00000003.1392875491.000000000618C000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1201822631.00000000061A4000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1486934205.00000000061A9000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1266908713.00000000061A9000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1353927748.00000000061A4000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1213792050.0000000006156000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1532812270.00000000061A8000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1260626458.00000000061A3000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1294123197.0000000006190000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1493512647.00000000061A9000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1339229270.000000000619C000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1193702752.0000000006174000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: SetupPoker.exe, 00000000.00000003.1191930955.0000000006301000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srfC:
Source: SetupPoker.exe, 00000000.00000003.1462486583.000000000633B000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1360389090.000000000633C000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1270430219.000000000633B000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1640862235.000000000633B000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1480720293.000000000633B000.00000004.00000020.00020000.00000000.sdmp, SetupPoker.exe, 00000000.00000003.1345242474.000000000633B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 52.85.39.184:443 -> 192.168.2.16:49698 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.85.39.184:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.85.39.184:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.85.39.184:443 -> 192.168.2.16:49833 version: TLS 1.2

Spam, unwanted Advertisements and Ransom Demands

Writes many files with high entropy

Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (12).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (13).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (14).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (15).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (16).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (17).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (18).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (19).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (20).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (21).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (22).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (23).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (24).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (25).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (26).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\index[1].7z entropy: 7.9994060033	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\index.7z entropy: 7.9994060033	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\33CUD2J1\index[1].7z entropy: 7.9994060033	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new.7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (27).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (28).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (29).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (30).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (31).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (32).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (33).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (34).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\new[1].7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (35).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (1).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (36).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\90SNK17T\index[1].7z entropy: 7.9994060033	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (37).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (38).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (39).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (40).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (2).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (41).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\90SNK17T\new[1].7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (42).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (3).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (43).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (4).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (44).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (5).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (6).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (7).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (8).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (9).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (10).7z entropy: 7.99335034694	Jump to dropped file
Source: C:\Users\user\Desktop\SetupPoker.exe	File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (11).7z entropy: 7.99335034694	Jump to dropped file

Sample file is different than original file name gathered from version info

Source: SetupPoker.exe, 00000000.00000000.1128251483.000000000021E000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameinstaller.exe@ vs SetupPoker.exe
Source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameinstaller.exe@ vs SetupPoker.exe

Uses 32bit PE files

Source: SetupPoker.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: sus39.rans.winEXE@1/70@2/2

Source: C:\Users\user\Desktop\SetupPoker.exe

File created: C:\Program Files (x86)\tempo_41

Jump to behavior

Source: C:\Users\user\Desktop\SetupPoker.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\stats[1].gif

Jump to behavior

Source: C:\Users\user\Desktop\SetupPoker.exe

File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\

Jump to behavior

Source: SetupPoker.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SetupPoker.exe

File read: C:\Program Files (x86)\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SetupPoker.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SetupPoker.exe

Virustotal: Detection: 7%

Source: C:\Users\user\Desktop\SetupPoker.exe

File read: C:\Users\user\Desktop\SetupPoker.exe

Jump to behavior

Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: msiso.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: mshtml.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: jscript9.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: msimtf.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: d2d1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: profext.dll	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Section loaded: uiautomationcore.dll	Jump to behavior

Source: C:\Users\user\Desktop\SetupPoker.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: SetupPoker.exe

Static PE information: certificate valid

Source: SetupPoker.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SetupPoker.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SetupPoker.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SetupPoker.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SetupPoker.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SetupPoker.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: SetupPoker.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: SetupPoker.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Binary string: C:\repo\web-installer-new\WebInstaller\Release\WebInstaller.pdb source: SetupPoker.exe, 00000000.00000003.1162797752.00000000054A5000.00000004.00000020.00020000.00000000.sdmp

Source: SetupPoker.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SetupPoker.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SetupPoker.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SetupPoker.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SetupPoker.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\SetupPoker.exe

File created: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\WebInstaller_7012.log

Jump to behavior

Source: C:\Users\user\Desktop\SetupPoker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 4800000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 4E10000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5390000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 53B0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 4300000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 53D0000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5800000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5A50000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5C30000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5CD0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5D70000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5DB0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5E30000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5EB0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5920000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5940000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5980000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 59E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5ED0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5EF0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5F10000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5F30000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 53F0000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 6750000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5410000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 9950000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 9970000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 9990000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 99B0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5B70000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5BF0000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 54C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: A6A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: A6C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: A6E0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: A700000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: A720000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: A7C0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: A7F0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: ACA0000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5520000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: A7C0000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: A810000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: A7C0000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: A950000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: A640000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: A740000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5B20000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: 5A50000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: A740000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SetupPoker.exe	Memory allocated: A980000 memory commit \| memory reserve \| memory write watch

Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior

Source: C:\Users\user\Desktop\SetupPoker.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File opened: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File opened: C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\index.html	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Source: SetupPoker.exe, 00000000.00000003.1455550723.0000000000A95000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: SetupPoker.exe, 00000000.00000003.1455550723.0000000000A3A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWndow Class

Source: C:\Users\user\Desktop\SetupPoker.exe

Process information queried: ProcessInformation

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\SetupPoker.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SetupPoker.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior

Shows file infection / information gathering behavior (enumerates multiple directory for files)

Source: C:\Users\user\Desktop\SetupPoker.exe

Directory queried: number of queries: 1001

ID:	1431066
Product:	CloudBasic
Start time:	14:31:15
Start date:	24.04.2024
Sample:	SetupPoker.exe
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	343388c9516bc04f4ed06d6f1353f602
SHA1:	b124bf52a708dc990ed302519b434fac3565e190
SHA256:	33fe69e83c850f8b4b090b862cb38648a77c68f251cd6e9bd975ac2aa917ac05
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\33CUD2J1\index[1].7z	7-zip archive data, version 0.4	DABF9EF79326A6B036BD65B39A7FFAB3	34263EFFE77326680C72C0D7F895EE3501D2BBA8	7408991BB8EBD41D2484BD5359A78B87DA59D33F6FD40F57D083286E92CD1708
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\33CUD2J1\new[1].7z	7-zip archive data, version 0.4	ED0AB3199E0882A22F667E75E2A29688	8397E407C835878C9A38BEC3BBE23788221F5508	7BFE49D9FDC4BA0253D329306F2A5B0F324F7E93EDA917817E4124612CE65464
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\90SNK17T\index[1].7z	7-zip archive data, version 0.4	DABF9EF79326A6B036BD65B39A7FFAB3	34263EFFE77326680C72C0D7F895EE3501D2BBA8	7408991BB8EBD41D2484BD5359A78B87DA59D33F6FD40F57D083286E92CD1708
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\90SNK17T\new[1].7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\index[1].7z	7-zip archive data, version 0.4	DABF9EF79326A6B036BD65B39A7FFAB3	34263EFFE77326680C72C0D7F895EE3501D2BBA8	7408991BB8EBD41D2484BD5359A78B87DA59D33F6FD40F57D083286E92CD1708
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\new[1].7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\WebInstaller_7012.log	Unicode text, UTF-8 (with BOM) text, with very long lines (65533), with no line terminators	A688DE8C7115B8C1EBEC0DB0462E51C7	D7D1DA36628693DFC046EF20775B6AD865864068	8222F56E64DA893AD265EC7133FF7BF11AA1612AF619A49D6040929CE2747499
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\index.7z	7-zip archive data, version 0.4	DABF9EF79326A6B036BD65B39A7FFAB3	34263EFFE77326680C72C0D7F895EE3501D2BBA8	7408991BB8EBD41D2484BD5359A78B87DA59D33F6FD40F57D083286E92CD1708
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\index.html	HTML document, ASCII text, with very long lines (33425)	8D5F1450ACDFDB6EAB03E051DE9AE106	152ED1F01149CB5CEBE56EECF532B38E6A461306	4422430193C8EF1EE26D2FB34B77DF046BB028B862418D7760B6F27F40038961
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (1).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (10).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (11).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (12).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (13).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (14).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (15).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (16).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (17).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (18).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (19).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (2).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (20).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (21).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (22).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (23).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (24).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (25).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (26).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (27).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (28).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (29).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (3).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (30).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (31).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (32).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (33).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (34).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (35).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (36).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (37).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (38).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (39).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (4).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (40).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (41).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (42).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (43).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (44).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (5).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (6).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (7).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (8).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new (9).7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new.7z	7-zip archive data, version 0.4	844817CA2E3C1E633F41EE03FFC052BB	6DDEC5F2444EDCE1D134350B77308E04B92853F2	DE14E44DB9E8EE98359C52CD6DACC7DDD29B04927F8811DA769EBBFE37CFF3FB
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new\css\template.css	ASCII text	755AB205A3814E608AD3A130A774838A	3A05403B0D36198E5303583CEA90B088ACBC8C77	F13BB3AF1B377E0FE810304201CD06B859E416C219FE79424F7DEF3F637D31AA
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new\html\template.html	exported SGML document, Unicode text, UTF-8 text	C523A444CD764B915A7B689213111187	43632FEE9B493C25DF48F01E54903D1E8B40B718	86328F2B83CF3AEB5B2244F2775EBF476BEBC27E7D02E457BE3D1037FCD3F586
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new\images\attractive_tournaments_icon.png	PNG image data, 52 x 52, 8-bit colormap, non-interlaced	70F7C3E4F9D8ABD8177CBF3DA17B78B7	0947365F40B9B0C19034824287EFAF90A16F35E2	396170FEA4E992550D750544F405E3148ECE4C5917E2918DE0B471325AB491B5
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new\images\background.jpg	JPEG image data, baseline, precision 8, 887x557, components 3	D1F871DB11D27E5EADC1A75780A8E6F6	852CAB3D306BF0C26C19394BABEF26C1842FD119	910A53EA0FED371E4BAD6573E947070DB79AAADDAAAB183A1EECD9DAD3953EBC
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new\images\chech-flag.png	PNG image data, 18 x 13, 8-bit/color RGB, non-interlaced	F86BCBDF68FF380F476FEF5C7001A0AD	1E873C2E6907B7A9239BE272E925312E03B9D959	D6472B1F31A19F4EBC4D03C752F5EA24410435E443E4583DEA8D148C1BD86D36
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new\images\close-button_normal.png	PNG image data, 21 x 21, 8-bit colormap, non-interlaced	4EF2DEBFE89E91CF0B869DBE899EB690	B1ABBBE02BB3E6128C7900DDBB39DA023ABFCC4B	2AA6B107CAF74A0CDF6F96C8BF232C4CBCD23C1D4AB3A1AFDA6B4F8E16A08F05
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new\images\close-button_over.png	PNG image data, 21 x 21, 8-bit colormap, non-interlaced	1F0E2FB6C9EF512E36D1C2751A718DD0	9962BB50799F9C3E54B75C41CE8D14AC79171EAE	0F7C92D62627B51B8CA71D6040B6B9622FA9FAC219703BCAA7C4190C9C2496CF
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new\images\countless_cash_games_icon.png	PNG image data, 52 x 52, 8-bit colormap, non-interlaced	3AAD55181187EB922BF888A05875FE03	00629184D77E0082CBE16A4ECFDE03BF51C1CE3B	7785DEFF4991BF4492BD0FDDC8EDAC1935069070EB55B7F7847BDEC63DD67C87
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new\images\cta-button_normal.png	PNG image data, 240 x 57, 4-bit colormap, non-interlaced	9EFEFE5516895B085783A1D59BDADF79	E1C4345F847A3755C04505EA57E6D8D4737128E0	FE7B5AF65ED5A8D484712DC4255511F3D878B8BEE63ED0032B01504A9D21E7D0
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new\images\cta-button_over.png	PNG image data, 240 x 57, 4-bit colormap, non-interlaced	8FC80FEC92D6032984C8E45B024C2AB6	1ED5322F73577934F7A071682FF402388DEA16C0	168A059AC374EF668E1467B5D6069BB7E6AA2E752852EFD3E3D320D2E388BA65
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new\images\estonia-flag.png	PNG image data, 18 x 13, 8-bit/color RGB, non-interlaced	081B13AD26CC2D9576A050B9A6445C56	84F781B84C104521E781FD02D72334E0FAA6273E	8110564299DC75ED1DB3A60EDFDDF1F876FFA9A857BD0F6FFA4E9D573F9334B9
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new\images\greek-flag.png	PNG image data, 18 x 13, 8-bit colormap, non-interlaced	8E30747DF1A92097671555182F4B4F08	98E151A8E9707D56357AA8D2696153E9B8ACAAE3	BA969182F7A443279960605F48ABD1AFB1CCBA66A24C330A64AB804476CB3C6D
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new\images\logo.png	PNG image data, 194 x 42, 8-bit colormap, non-interlaced	26A49A1D2D15B9F56012566B7EDCBC3D	AA86E01EE04051575B3DEA741A142CAFAD07C41A	71ECA3F1F564CC8F559D112A354A3799FC9F01047C56AEC89B5F1021EC5EFA29
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new\images\progress-bar.png	PNG image data, 629 x 15, 1-bit colormap, non-interlaced	A739CEC24DAA55D321D27CE460E83DAD	7FB5630FD48C45D7873D11375D1CE912C0E3BBC7	30371CC12397902EDDBA358C32E7B2384B1425F3E703B94ECFD73D316177F123
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new\images\sprite.png	PNG image data, 415 x 547, 8-bit/color RGBA, non-interlaced	4A9E6334B9D97619ADD9ABB42363C214	D5105E86F50DC45F76B02F5CE32D6580973BB478	D0C9FEBB5511A7769149E1BA6A57CEAFDF4ABED383E11EB18E5EF026930C4B1A
C:\Users\user\AppData\Local\Temp\WebInstaller_C49FBE6B451748A5B36D1C32CC29DCBB\new\images\thrilling_casino_games_icon.png	PNG image data, 52 x 52, 8-bit colormap, non-interlaced	4D1A905E5B89739B20CBA186DF357E1F	1C4B4D6806C49C5FB88B05DBD1E4629C9347032B	DDCCB1F0B9B39E8F66B71A4FBC84BEE310E932A0B732780CCCEB87CFD9D1E0BC

Windows Analysis Report
SetupPoker.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Spreading

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report SetupPoker.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Spreading

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report
SetupPoker.exe