Windows Analysis Report
Fanduel CO Player Location Check F.exe

Overview

General Information

Sample name:Fanduel CO Player Location Check F.exe
Analysis ID:1542299
MD5:08304ec84ba59a397c29db1c7de4c3df
SHA1:ffc9bc947d938d899ba62890c22e5cd78d8f3ded
SHA256:2fa0b61573801f430c2f9d19b85fe6693dfcfbc0699ceba93eccc0acbb17d5fc

Detection

Score:84
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Changes security center settings (notifications, updates, antivirus, firewall)
Hides threads from debuggers
PE file contains section with special chars
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Query firmware table information (likely to detect VMs)
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Adds / modifies Windows certificates
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates processes with suspicious names
Drops PE files
Drops certificate files (DER)
Enables debug privileges
Entry point lies outside standard sections
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Stores large binary data to the registry
Uses 32bit PE files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Keylogger Generic

Classification

Classification chart (axes): Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; legend: clean, suspicious, malicious
  • System is w10x64_ra
  • Fanduel CO Player Location Check F.exe (PID: 2712 cmdline: "C:\Users\user\Desktop\Fanduel CO Player Location Check F.exe" MD5: 08304EC84BA59A397C29DB1C7DE4C3DF)
    • GeoComplyUpdate.exe (PID: 6264 cmdline: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exe /installer_key vjEUuMIrae /environment_id production /data_source_url https://ums.geocomply.com/api/v1 /player_location_check_version 4.1.0.0 MD5: 57825971D603090D7500C4C96500966E)
  • svchost.exe (PID: 6848 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 5768 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • SgrmBroker.exe (PID: 7008 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: 3BA1A18A0DC30A0545E7765CB97D8E63)
  • svchost.exe (PID: 7048 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 6196 cmdline: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • MpCmdRun.exe (PID: 6724 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: B3676839B2EE96983F9ED735CD044159)
      • conhost.exe (PID: 5380 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • svchost.exe (PID: 6248 cmdline: C:\Windows\system32\svchost.exe -k UnistackSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • com.geocomply.process-scanner-microservice.exe (PID: 6996 cmdline: "C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe" MD5: 8E0658BD64F860A08C26D22498A4E436)
    • crash_handler.exe (PID: 2888 cmdline: "C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe" --no-rate-limit "--database=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.process-scanner-microservice\crash_dumps" "--metrics-dir=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.process-scanner-microservice\crash_dumps" --url=https://sentry.geocomply.com:443/api/4/minidump/?sentry_client=sentry.native/0.6.2&sentry_key=fe16c1a9523e4ab0b3707ad66b0217dc "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.process-scanner-microservice\crash_dumps\7c81dbe1-41c9-4555-b8e4-f1a74f38ca92.run\__sentry-event" "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.process-scanner-microservice\crash_dumps\7c81dbe1-41c9-4555-b8e4-f1a74f38ca92.run\__sentry-breadcrumb1" "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.process-scanner-microservice\crash_dumps\7c81dbe1-41c9-4555-b8e4-f1a74f38ca92.run\__sentry-breadcrumb2" --initial-client-data=0x4d0,0x4f8,0x4fc,0x4dc,0x500,0x1936ba8,0x1936bbc,0x1936bcc MD5: F1B7450F8305A58F6E48FDF5AE32758C)
  • com.geocomply.vm-detector-microservice.exe (PID: 2216 cmdline: "C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe" MD5: 72A41CB50BD16FEE5D12EE874C5A3FAB)
    • crash_handler.exe (PID: 6972 cmdline: "C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe" --no-rate-limit "--database=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.vm-detector-microservice\crash_dumps" "--metrics-dir=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.vm-detector-microservice\crash_dumps" --url=https://sentry.geocomply.com:443/api/4/minidump/?sentry_client=sentry.native/0.6.2&sentry_key=fe16c1a9523e4ab0b3707ad66b0217dc "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.vm-detector-microservice\crash_dumps\45486123-14ac-448b-b329-88f65937ab5b.run\__sentry-event" "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.vm-detector-microservice\crash_dumps\45486123-14ac-448b-b329-88f65937ab5b.run\__sentry-breadcrumb1" "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.vm-detector-microservice\crash_dumps\45486123-14ac-448b-b329-88f65937ab5b.run\__sentry-breadcrumb2" --initial-client-data=0x470,0x474,0x47c,0x478,0x480,0x1656ba8,0x1656bbc,0x1656bcc MD5: F1B7450F8305A58F6E48FDF5AE32758C)
  • com.geocomply.wifi-scanner-microservice.exe (PID: 6856 cmdline: "C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe" MD5: B34599EDD4BC51D89807E352607384E8)
    • crash_handler.exe (PID: 1344 cmdline: "C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe" --no-rate-limit "--database=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.wifi-scanner-microservice\crash_dumps" "--metrics-dir=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.wifi-scanner-microservice\crash_dumps" --url=https://sentry.geocomply.com:443/api/4/minidump/?sentry_client=sentry.native/0.6.2&sentry_key=fe16c1a9523e4ab0b3707ad66b0217dc "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.wifi-scanner-microservice\crash_dumps\691f3630-1eca-4039-c9ce-4adfb1db20d6.run\__sentry-event" "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.wifi-scanner-microservice\crash_dumps\691f3630-1eca-4039-c9ce-4adfb1db20d6.run\__sentry-breadcrumb1" "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.wifi-scanner-microservice\crash_dumps\691f3630-1eca-4039-c9ce-4adfb1db20d6.run\__sentry-breadcrumb2" --initial-client-data=0x474,0x478,0x47c,0x468,0x480,0x1186bd0,0x1186be4,0x1186bf4 MD5: F1B7450F8305A58F6E48FDF5AE32758C)
  • com.geocomply.internal-updater-microservice.exe (PID: 4112 cmdline: "C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe" MD5: FF6DD4C37561ED610994C1FCA08BDA73)
    • crash_handler.exe (PID: 2188 cmdline: "C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe" --no-rate-limit "--database=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.internal-updater-microservice\crash_dumps" "--metrics-dir=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.internal-updater-microservice\crash_dumps" --url=https://sentry.geocomply.com:443/api/4/minidump/?sentry_client=sentry.native/0.6.2&sentry_key=fe16c1a9523e4ab0b3707ad66b0217dc "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.internal-updater-microservice\crash_dumps\669c9e1a-837f-44b4-8322-734c54ad9e84.run\__sentry-event" "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.internal-updater-microservice\crash_dumps\669c9e1a-837f-44b4-8322-734c54ad9e84.run\__sentry-breadcrumb1" "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.internal-updater-microservice\crash_dumps\669c9e1a-837f-44b4-8322-734c54ad9e84.run\__sentry-breadcrumb2" --initial-client-data=0x480,0x484,0x488,0x47c,0x48c,0x1786ba8,0x1786bbc,0x1786bcc MD5: F1B7450F8305A58F6E48FDF5AE32758C)
  • service.exe (PID: 2196 cmdline: "C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe" MD5: F55B931B7BF241E3ED8C6F9DAC59FBA3)
    • crash_handler.exe (PID: 4304 cmdline: "C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe" --no-rate-limit "--database=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\service\crash_dumps" "--metrics-dir=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\service\crash_dumps" --url=https://sentry.geocomply.com:443/api/4/minidump/?sentry_client=sentry.native/0.6.2&sentry_key=fe16c1a9523e4ab0b3707ad66b0217dc "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\service\crash_dumps\51b1be05-a7ff-45b8-865d-99baf29cee9e.run\__sentry-event" "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\service\crash_dumps\51b1be05-a7ff-45b8-865d-99baf29cee9e.run\__sentry-breadcrumb1" "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\service\crash_dumps\51b1be05-a7ff-45b8-865d-99baf29cee9e.run\__sentry-breadcrumb2" --initial-client-data=0x4d0,0x4d4,0x4d8,0x4cc,0x4dc,0xb90978,0xb9098c,0xb9099c MD5: F1B7450F8305A58F6E48FDF5AE32758C)
    • PlayerLocationIcon.exe (PID: 5760 cmdline: "C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\PlayerLocationIcon.exe" MD5: FC8ECAF170F5FDF403C5002B4C2E891B)
  • cleanup
Source | Rule | Description | Author | Strings
0000000C.00000003.2033271069.000000000566E000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
00000013.00000003.2285850325.0000000004540000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |

      System Summary

      Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 656, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 6848, ProcessName: svchost.exe
      No Suricata rule has matched

      Source: Fanduel CO Player Location Check F.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: Fanduel CO Player Location Check F.exeStatic PE information: certificate valid
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global trafficDNS traffic detected: DNS query: ums.geocomply.com
      Source: global trafficDNS traffic detected: DNS query: prod-downloads.geocomply.com
      Source: Yara matchFile source: 0000000C.00000003.2033271069.000000000566E000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000013.00000003.2285850325.0000000004540000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8E98E754284A422CC3ACAABE73E0D55B
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\59194E40068A745EF528E8E18DD529F2

      System Summary

      Source: Fanduel CO Player Location Check F.exeStatic PE information: section name:
      Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8E98E754284A422CC3ACAABE73E0D55B
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8E98E754284A422CC3ACAABE73E0D55B
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\59194E40068A745EF528E8E18DD529F2
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\59194E40068A745EF528E8E18DD529F2
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
      Source: Fanduel CO Player Location Check F.exeStatic PE information: Number of sections : 13 > 10
      Source: Fanduel CO Player Location Check F.exeStatic PE information: Section: ZLIB complexity 0.9927791104771784
      Source: Fanduel CO Player Location Check F.exeStatic PE information: Section: ZLIB complexity 0.9914466594827587
      Source: Fanduel CO Player Location Check F.exeStatic PE information: Section: ZLIB complexity 0.9980100235849056
      Source: Fanduel CO Player Location Check F.exeStatic PE information: Section: .reloc ZLIB complexity 1.5
      Source: classification engineClassification label: mal84.evad.winEXE@29/82@3/31
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeFile created: C:\Program Files (x86)\GeoComply
      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5380:120:WilError_03
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeFile created: C:\Users\user\AppData\Local\Temp\3537-0293-c966-a1d6
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, Name, ProcessorID FROM Win32_Processor
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, Name, ProcessorID FROM Win32_Processor
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, Name, ProcessorID FROM Win32_Processor
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, Name, ProcessorID FROM Win32_Processor
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, Name, ProcessorID FROM Win32_Processor
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, Name, ProcessorID FROM Win32_Processor
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, Name, ProcessorID FROM Win32_Processor
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeFile read: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exe:Zone.Identifier
      Source: unknownProcess created: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exe "C:\Users\user\Desktop\Fanduel CO Player Location Check F.exe"
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeProcess created: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exe C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exe /installer_key vjEUuMIrae /environment_id production /data_source_url https://ums.geocomply.com/api/v1 /player_location_check_version 4.1.0.0
      Source: unknownProcess created: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe "C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe"
      Source: unknownProcess created: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe "C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe"
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exeProcess created: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe "C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe" --no-rate-limit "--database=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.process-scanner-microservice\crash_dumps" "--metrics-dir=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.process-scanner-microservice\crash_dumps" --url=https://sentry.geocomply.com:443/api/4/minidump/?sentry_client=sentry.native/0.6.2&sentry_key=fe16c1a9523e4ab0b3707ad66b0217dc "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.process-scanner-microservice\crash_dumps\7c81dbe1-41c9-4555-b8e4-f1a74f38ca92.run\__sentry-event" "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.process-scanner-microservice\crash_dumps\7c81dbe1-41c9-4555-b8e4-f1a74f38ca92.run\__sentry-breadcrumb1" "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.process-scanner-microservice\crash_dumps\7c81dbe1-41c9-4555-b8e4-f1a74f38ca92.run\__sentry-breadcrumb2" --initial-client-data=0x4d0,0x4f8,0x4fc,0x4dc,0x500,0x1936ba8,0x1936bbc,0x1936bcc
      Source: unknownProcess created: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe "C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe"
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exeProcess created: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe "C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe" --no-rate-limit "--database=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.vm-detector-microservice\crash_dumps" "--metrics-dir=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.vm-detector-microservice\crash_dumps" --url=https://sentry.geocomply.com:443/api/4/minidump/?sentry_client=sentry.native/0.6.2&sentry_key=fe16c1a9523e4ab0b3707ad66b0217dc "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.vm-detector-microservice\crash_dumps\45486123-14ac-448b-b329-88f65937ab5b.run\__sentry-event" "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.vm-detector-microservice\crash_dumps\45486123-14ac-448b-b329-88f65937ab5b.run\__sentry-breadcrumb1" "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.vm-detector-microservice\crash_dumps\45486123-14ac-448b-b329-88f65937ab5b.run\__sentry-breadcrumb2" --initial-client-data=0x470,0x474,0x47c,0x478,0x480,0x1656ba8,0x1656bbc,0x1656bcc
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exeProcess created: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe "C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe" --no-rate-limit "--database=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.wifi-scanner-microservice\crash_dumps" "--metrics-dir=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.wifi-scanner-microservice\crash_dumps" --url=https://sentry.geocomply.com:443/api/4/minidump/?sentry_client=sentry.native/0.6.2&sentry_key=fe16c1a9523e4ab0b3707ad66b0217dc "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.wifi-scanner-microservice\crash_dumps\691f3630-1eca-4039-c9ce-4adfb1db20d6.run\__sentry-event" "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.wifi-scanner-microservice\crash_dumps\691f3630-1eca-4039-c9ce-4adfb1db20d6.run\__sentry-breadcrumb1" "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.wifi-scanner-microservice\crash_dumps\691f3630-1eca-4039-c9ce-4adfb1db20d6.run\__sentry-breadcrumb2" --initial-client-data=0x474,0x478,0x47c,0x468,0x480,0x1186bd0,0x1186be4,0x1186bf4
      Source: unknownProcess created: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe "C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe"
      Source: unknownProcess created: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe "C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe"
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exeProcess created: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe "C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe" --no-rate-limit "--database=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.internal-updater-microservice\crash_dumps" "--metrics-dir=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.internal-updater-microservice\crash_dumps" --url=https://sentry.geocomply.com:443/api/4/minidump/?sentry_client=sentry.native/0.6.2&sentry_key=fe16c1a9523e4ab0b3707ad66b0217dc "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.internal-updater-microservice\crash_dumps\669c9e1a-837f-44b4-8322-734c54ad9e84.run\__sentry-event" "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.internal-updater-microservice\crash_dumps\669c9e1a-837f-44b4-8322-734c54ad9e84.run\__sentry-breadcrumb1" "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.internal-updater-microservice\crash_dumps\669c9e1a-837f-44b4-8322-734c54ad9e84.run\__sentry-breadcrumb2" --initial-client-data=0x480,0x484,0x488,0x47c,0x48c,0x1786ba8,0x1786bbc,0x1786bcc
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exeProcess created: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe "C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe" --no-rate-limit "--database=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\service\crash_dumps" "--metrics-dir=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\service\crash_dumps" --url=https://sentry.geocomply.com:443/api/4/minidump/?sentry_client=sentry.native/0.6.2&sentry_key=fe16c1a9523e4ab0b3707ad66b0217dc "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\service\crash_dumps\51b1be05-a7ff-45b8-865d-99baf29cee9e.run\__sentry-event" "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\service\crash_dumps\51b1be05-a7ff-45b8-865d-99baf29cee9e.run\__sentry-breadcrumb1" "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\service\crash_dumps\51b1be05-a7ff-45b8-865d-99baf29cee9e.run\__sentry-breadcrumb2" --initial-client-data=0x4d0,0x4d4,0x4d8,0x4cc,0x4dc,0xb90978,0xb9098c,0xb9099c
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exeProcess created: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\PlayerLocationIcon.exe "C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\PlayerLocationIcon.exe"
      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
      Source: unknownProcess created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k UnistackSvcGroup
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
      Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeSection loaded: wtsapi32.dll
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeSection loaded: iphlpapi.dll
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeSection loaded: netapi32.dll
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeSection loaded: version.dll
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeSection loaded: samcli.dll
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeSection loaded: ntmarta.dll
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeSection loaded: dhcpcsvc.dll
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeSection loaded: windows.storage.dll
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeSection loaded: wldp.dll
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeSection loaded: profapi.dll
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeSection loaded: netutils.dll
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeSection loaded: msftedit.dll
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeSection loaded: uxtheme.dll
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeSection loaded: atlthunk.dll
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeSection loaded: textshaping.dll
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeSection loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeSection loaded: textinputframework.dll
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeSection loaded: coreuicomponents.dll
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeSection loaded: coremessaging.dll
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeSection loaded: wintypes.dll
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeSection loaded: wbemcomn.dll
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeSection loaded: amsi.dll
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeSection loaded: userenv.dll
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeSection loaded: devobj.dll
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeSection loaded: msasn1.dll
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeSection loaded: mswsock.dll
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeSection loaded: dnsapi.dll
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeSection loaded: rasadhlp.dll
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeSection loaded: fwpuclnt.dll
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeSection loaded: apphelp.dll
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeSection loaded: iphlpapi.dll
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeSection loaded: netapi32.dll
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeSection loaded: version.dll
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeSection loaded: wtsapi32.dll
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeSection loaded: samcli.dll
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeSection loaded: ntmarta.dll
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeSection loaded: dhcpcsvc.dll
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeSection loaded: windows.storage.dll
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeSection loaded: wldp.dll
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeSection loaded: profapi.dll
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeSection loaded: netutils.dll
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeSection loaded: kernel.appcore.dll
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeSection loaded: wbemcomn.dll
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeSection loaded: amsi.dll
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeSection loaded: userenv.dll
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeSection loaded: devobj.dll
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeSection loaded: msasn1.dll
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeSection loaded: mswsock.dll
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeSection loaded: dnsapi.dll
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeSection loaded: rasadhlp.dll
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeSection loaded: fwpuclnt.dll
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeSection loaded: taskschd.dll
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeSection loaded: sspicli.dll
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeSection loaded: cryptbase.dll
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeSection loaded: xmllite.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: esent.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: mi.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
      Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeFile opened: C:\Windows\SysWOW64\Msftedit.dll
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWindow detected: Number of UI elements: 14
      Source: Fanduel CO Player Location Check F.exeStatic PE information: certificate valid
      Source: Fanduel CO Player Location Check F.exeStatic file information: File size 6618304 > 1048576
      Source: Fanduel CO Player Location Check F.exeStatic PE information: Raw size of is bigger than: 0x100000 < 0x1da200
      Source: Fanduel CO Player Location Check F.exeStatic PE information: Raw size of .boot is bigger than: 0x100000 < 0x379a00
      Source: Fanduel CO Player Location Check F.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
      Source: initial sampleStatic PE information: section where entry point is pointing to: .boot
      Source: Fanduel CO Player Location Check F.exeStatic PE information: section name:
      Source: Fanduel CO Player Location Check F.exeStatic PE information: section name:
      Source: Fanduel CO Player Location Check F.exeStatic PE information: section name:
      Source: Fanduel CO Player Location Check F.exeStatic PE information: section name:
      Source: Fanduel CO Player Location Check F.exeStatic PE information: section name:
      Source: Fanduel CO Player Location Check F.exeStatic PE information: section name: .debug
      Source: Fanduel CO Player Location Check F.exeStatic PE information: section name: .vm_sec
      Source: Fanduel CO Player Location Check F.exeStatic PE information: section name: .winlice
      Source: Fanduel CO Player Location Check F.exeStatic PE information: section name: .boot
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeFile created: \fanduel co player location check f.exe
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeFile created: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exe
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeFile created: C:\Users\user\AppData\Local\Temp\602b-ef7b-6336-9514\PlayerLocationCheck\Application\win32locationapi.dll
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeFile created: C:\Users\user\AppData\Local\Temp\602b-ef7b-6336-9514\PlayerLocationCheck\CrashHandler\crash_handler.exe
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeFile created: C:\Users\user\AppData\Local\Temp\602b-ef7b-6336-9514\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeFile created: C:\Users\user\AppData\Local\Temp\602b-ef7b-6336-9514\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeFile created: C:\Users\user\AppData\Local\Temp\602b-ef7b-6336-9514\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeFile created: C:\Users\user\AppData\Local\Temp\602b-ef7b-6336-9514\PlayerLocationCheck\Application\winrtlocationapi.dll
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeFile created: C:\Users\user\AppData\Local\Temp\602b-ef7b-6336-9514\PlayerLocationCheck\Application\PlayerLocationIcon.exe
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeFile created: C:\Users\user\AppData\Local\Temp\602b-ef7b-6336-9514\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeFile created: C:\Users\user\AppData\Local\Temp\602b-ef7b-6336-9514\PlayerLocationCheck\Application\PlayerLocationCheck.exe

      Boot Survival

      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWindow searched: window name: RegmonClass
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWindow searched: window name: FilemonClass
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWindow searched: window name: PROCMON_WINDOW_CLASS
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWindow searched: window name: Regmonclass
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWindow searched: window name: Filemonclass
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeWindow searched: window name: RegmonClass
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeWindow searched: window name: FilemonClass
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeWindow searched: window name: PROCMON_WINDOW_CLASS
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeWindow searched: window name: Regmonclass
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeWindow searched: window name: Filemonclass
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exeWindow searched: window name: RegmonClass
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exeWindow searched: window name: FilemonClass
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exeWindow searched: window name: PROCMON_WINDOW_CLASS
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exeWindow searched: window name: Regmonclass
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exeWindow searched: window name: Filemonclass
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exeWindow searched: window name: RegmonClass
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exeWindow searched: window name: FilemonClass
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exeWindow searched: window name: PROCMON_WINDOW_CLASS
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exeWindow searched: window name: Regmonclass
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exeWindow searched: window name: Filemonclass
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exeWindow searched: window name: RegmonClass
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exeWindow searched: window name: FilemonClass
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exeWindow searched: window name: PROCMON_WINDOW_CLASS
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exeWindow searched: window name: Regmonclass
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exeWindow searched: window name: Filemonclass
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exeWindow searched: window name: RegmonClass
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exeWindow searched: window name: FilemonClass
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exeWindow searched: window name: PROCMON_WINDOW_CLASS
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exeWindow searched: window name: Regmonclass
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exeWindow searched: window name: Filemonclass
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exeWindow searched: window name: RegmonClass
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exeWindow searched: window name: FilemonClass
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exeWindow searched: window name: PROCMON_WINDOW_CLASS
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exeWindow searched: window name: Regmonclass
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exeWindow searched: window name: Filemonclass
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exeWindow searched: window name: FilemonClass
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exeWindow searched: window name: PROCMON_WINDOW_CLASS
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exeWindow searched: window name: RegmonClass
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exeWindow searched: window name: Regmonclass
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exeWindow searched: window name: Filemonclass
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exeKey value created or modified: HKEY_USERS.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C Blob
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exeProcess information set: NOOPENFILEERRORBOX

      Malware Analysis System Evasion

      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber, Manufacturer, PartNumber, Capacity FROM Win32_PhysicalMemory
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber, Manufacturer, PartNumber, Capacity FROM Win32_PhysicalMemory
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber, Manufacturer, PartNumber, Capacity FROM Win32_PhysicalMemory
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber, Manufacturer, PartNumber, Capacity FROM Win32_PhysicalMemory
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber, Manufacturer, PartNumber, Capacity FROM Win32_PhysicalMemory
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber, Manufacturer, PartNumber, Capacity FROM Win32_PhysicalMemory
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber, Manufacturer, PartNumber, Capacity FROM Win32_PhysicalMemory
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_DiskDrive WHERE PNPDeviceID LIKE "IDE%" OR PNPDeviceID LIKE "SCSI%"
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_DiskDrive WHERE PNPDeviceID LIKE "IDE%" OR PNPDeviceID LIKE "SCSI%"
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_DiskDrive WHERE PNPDeviceID LIKE &quot;IDE%&quot; OR PNPDeviceID LIKE &quot;SCSI%&quot;
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_DiskDrive WHERE PNPDeviceID LIKE "IDE%" OR PNPDeviceID LIKE "SCSI%"
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_DiskDrive WHERE PNPDeviceID LIKE "IDE%" OR PNPDeviceID LIKE "SCSI%"
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_DiskDrive WHERE PNPDeviceID LIKE "IDE%" OR PNPDeviceID LIKE "SCSI%"
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_DiskDrive WHERE PNPDeviceID LIKE "IDE%" OR PNPDeviceID LIKE "SCSI%"
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_DiskDrive WHERE PNPDeviceID LIKE "IDE%" OR PNPDeviceID LIKE "SCSI%"
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber, Manufacturer, PartNumber, Capacity FROM Win32_PhysicalMemory
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber, Manufacturer, PartNumber, Capacity FROM Win32_PhysicalMemory
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber, Manufacturer, PartNumber, Capacity FROM Win32_PhysicalMemory
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber, Manufacturer, PartNumber, Capacity FROM Win32_PhysicalMemory
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber, Manufacturer, PartNumber, Capacity FROM Win32_PhysicalMemory
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber, Manufacturer, PartNumber, Capacity FROM Win32_PhysicalMemory
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber, Manufacturer, PartNumber, Capacity FROM Win32_PhysicalMemory
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber, Manufacturer, PartNumber, Capacity FROM Win32_PhysicalMemory
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT VolumeSerialNumber FROM Win32_LogicalDisk WHERE Name="C:"
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT VolumeSerialNumber FROM Win32_LogicalDisk WHERE Name="C:"
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT VolumeSerialNumber FROM Win32_LogicalDisk WHERE Name="C:"
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT VolumeSerialNumber FROM Win32_LogicalDisk WHERE Name="C:"
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT VolumeSerialNumber FROM Win32_LogicalDisk WHERE Name="C:"
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT VolumeSerialNumber FROM Win32_LogicalDisk WHERE Name="C:"
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT VolumeSerialNumber FROM Win32_LogicalDisk WHERE Name="C:"
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exe System information queried: FirmwareTableInformation
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exe System information queried: FirmwareTableInformation
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe System information queried: FirmwareTableInformation
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe System information queried: FirmwareTableInformation
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe System information queried: FirmwareTableInformation
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe System information queried: FirmwareTableInformation
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe System information queried: FirmwareTableInformation
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe System information queried: FirmwareTableInformation
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
      Source: C:\Windows\System32\svchost.exe File opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\602b-ef7b-6336-9514\PlayerLocationCheck\Application\win32locationapi.dll
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\602b-ef7b-6336-9514\PlayerLocationCheck\Application\winrtlocationapi.dll
      Source: C:\Windows\System32\svchost.exe TID: 6816 Thread sleep time: -30000s >= -30000s
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exe File opened: PhysicalDrive0
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, SerialNumber, Version FROM Win32_BIOS
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, Name, ProcessorID FROM Win32_Processor
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, Name, ProcessorID FROM Win32_Processor
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, Name, ProcessorID FROM Win32_Processor
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, Name, ProcessorID FROM Win32_Processor
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, Name, ProcessorID FROM Win32_Processor
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, Name, ProcessorID FROM Win32_Processor
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, Name, ProcessorID FROM Win32_Processor
      Source: C:\Windows\System32\svchost.exe File Volume queried: C:\ FullSizeInformation
      Source: C:\Windows\System32\svchost.exe File Volume queried: C:\Windows\System32 FullSizeInformation
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exe System information queried: ModuleInformation
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exe Process information queried: ProcessInformation

      Anti Debugging

      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exe Thread information set: HideFromDebugger
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exe Thread information set: HideFromDebugger
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe Thread information set: HideFromDebugger
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe Thread information set: HideFromDebugger
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe Thread information set: HideFromDebugger
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe Thread information set: HideFromDebugger
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe Thread information set: HideFromDebugger
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe Thread information set: HideFromDebugger
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe Open window title or class name: regmonclass
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe Open window title or class name: gbdyllo
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe Open window title or class name: procmon_window_class
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe Open window title or class name: ollydbg
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe Open window title or class name: filemonclass
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exe Process queried: DebugPort
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exe Process queried: DebugObjectHandle
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exe Process queried: DebugPort
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exe Process queried: DebugObjectHandle
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe Process queried: DebugPort
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe Process queried: DebugObjectHandle
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe Process queried: DebugPort
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe Process queried: DebugObjectHandle
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe Process queried: DebugPort
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe Process queried: DebugObjectHandle
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe Process queried: DebugPort
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe Process queried: DebugObjectHandle
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe Process queried: DebugPort
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe Process queried: DebugObjectHandle
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe Process queried: DebugPort
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe Process queried: DebugObjectHandle
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe Process token adjusted: Debug
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exe Process created: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exe C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exe /installer_key vjEUuMIrae /environment_id production /data_source_url https://ums.geocomply.com/api/v1 /player_location_check_version 4.1.0.0
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe Process created: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe "C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe" --no-rate-limit "--database=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.process-scanner-microservice\crash_dumps" "--metrics-dir=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.process-scanner-microservice\crash_dumps" --url=https://sentry.geocomply.com:443/api/4/minidump/?sentry_client=sentry.native/0.6.2&sentry_key=fe16c1a9523e4ab0b3707ad66b0217dc "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.process-scanner-microservice\crash_dumps\7c81dbe1-41c9-4555-b8e4-f1a74f38ca92.run\__sentry-event" "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.process-scanner-microservice\crash_dumps\7c81dbe1-41c9-4555-b8e4-f1a74f38ca92.run\__sentry-breadcrumb1" "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.process-scanner-microservice\crash_dumps\7c81dbe1-41c9-4555-b8e4-f1a74f38ca92.run\__sentry-breadcrumb2" --initial-client-data=0x4d0,0x4f8,0x4fc,0x4dc,0x500,0x1936ba8,0x1936bbc,0x1936bcc
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe Process created: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe "C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe" --no-rate-limit "--database=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.vm-detector-microservice\crash_dumps" "--metrics-dir=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.vm-detector-microservice\crash_dumps" --url=https://sentry.geocomply.com:443/api/4/minidump/?sentry_client=sentry.native/0.6.2&sentry_key=fe16c1a9523e4ab0b3707ad66b0217dc "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.vm-detector-microservice\crash_dumps\45486123-14ac-448b-b329-88f65937ab5b.run\__sentry-event" "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.vm-detector-microservice\crash_dumps\45486123-14ac-448b-b329-88f65937ab5b.run\__sentry-breadcrumb1" "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.vm-detector-microservice\crash_dumps\45486123-14ac-448b-b329-88f65937ab5b.run\__sentry-breadcrumb2" --initial-client-data=0x470,0x474,0x47c,0x478,0x480,0x1656ba8,0x1656bbc,0x1656bcc
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe Process created: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe "C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe" --no-rate-limit "--database=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.wifi-scanner-microservice\crash_dumps" "--metrics-dir=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.wifi-scanner-microservice\crash_dumps" --url=https://sentry.geocomply.com:443/api/4/minidump/?sentry_client=sentry.native/0.6.2&sentry_key=fe16c1a9523e4ab0b3707ad66b0217dc "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.wifi-scanner-microservice\crash_dumps\691f3630-1eca-4039-c9ce-4adfb1db20d6.run\__sentry-event" "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.wifi-scanner-microservice\crash_dumps\691f3630-1eca-4039-c9ce-4adfb1db20d6.run\__sentry-breadcrumb1" "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.wifi-scanner-microservice\crash_dumps\691f3630-1eca-4039-c9ce-4adfb1db20d6.run\__sentry-breadcrumb2" --initial-client-data=0x474,0x478,0x47c,0x468,0x480,0x1186bd0,0x1186be4,0x1186bf4
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe Process created: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe "C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe" --no-rate-limit "--database=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.internal-updater-microservice\crash_dumps" "--metrics-dir=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.internal-updater-microservice\crash_dumps" --url=https://sentry.geocomply.com:443/api/4/minidump/?sentry_client=sentry.native/0.6.2&sentry_key=fe16c1a9523e4ab0b3707ad66b0217dc "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.internal-updater-microservice\crash_dumps\669c9e1a-837f-44b4-8322-734c54ad9e84.run\__sentry-event" "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.internal-updater-microservice\crash_dumps\669c9e1a-837f-44b4-8322-734c54ad9e84.run\__sentry-breadcrumb1" "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.internal-updater-microservice\crash_dumps\669c9e1a-837f-44b4-8322-734c54ad9e84.run\__sentry-breadcrumb2" --initial-client-data=0x480,0x484,0x488,0x47c,0x48c,0x1786ba8,0x1786bbc,0x1786bcc
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe Process created: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe "C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe" --no-rate-limit "--database=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\service\crash_dumps" "--metrics-dir=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\service\crash_dumps" --url=https://sentry.geocomply.com:443/api/4/minidump/?sentry_client=sentry.native/0.6.2&sentry_key=fe16c1a9523e4ab0b3707ad66b0217dc "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\service\crash_dumps\51b1be05-a7ff-45b8-865d-99baf29cee9e.run\__sentry-event" "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\service\crash_dumps\51b1be05-a7ff-45b8-865d-99baf29cee9e.run\__sentry-breadcrumb1" "--attachment=C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\service\crash_dumps\51b1be05-a7ff-45b8-865d-99baf29cee9e.run\__sentry-breadcrumb2" --initial-client-data=0x4d0,0x4d4,0x4d8,0x4cc,0x4dc,0xb90978,0xb9098c,0xb9099c
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe Process created: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\PlayerLocationIcon.exe "C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\PlayerLocationIcon.exe"
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe Process created: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe "c:\program files (x86)\geocomply\playerlocationcheck\crashhandler\crash_handler.exe" --no-rate-limit "--database=c:\programdata\geocomply\player location check\4.1.0.0\com.geocomply.process-scanner-microservice\crash_dumps" "--metrics-dir=c:\programdata\geocomply\player location check\4.1.0.0\com.geocomply.process-scanner-microservice\crash_dumps" --url=https://sentry.geocomply.com:443/api/4/minidump/?sentry_client=sentry.native/0.6.2&sentry_key=fe16c1a9523e4ab0b3707ad66b0217dc "--attachment=c:\programdata\geocomply\player location check\4.1.0.0\com.geocomply.process-scanner-microservice\crash_dumps\7c81dbe1-41c9-4555-b8e4-f1a74f38ca92.run\__sentry-event" "--attachment=c:\programdata\geocomply\player location check\4.1.0.0\com.geocomply.process-scanner-microservice\crash_dumps\7c81dbe1-41c9-4555-b8e4-f1a74f38ca92.run\__sentry-breadcrumb1" "--attachment=c:\programdata\geocomply\player location check\4.1.0.0\com.geocomply.process-scanner-microservice\crash_dumps\7c81dbe1-41c9-4555-b8e4-f1a74f38ca92.run\__sentry-breadcrumb2" --initial-client-data=0x4d0,0x4f8,0x4fc,0x4dc,0x500,0x1936ba8,0x1936bbc,0x1936bcc
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe Process created: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe "c:\program files (x86)\geocomply\playerlocationcheck\crashhandler\crash_handler.exe" --no-rate-limit "--database=c:\programdata\geocomply\player location check\4.1.0.0\com.geocomply.vm-detector-microservice\crash_dumps" "--metrics-dir=c:\programdata\geocomply\player location check\4.1.0.0\com.geocomply.vm-detector-microservice\crash_dumps" --url=https://sentry.geocomply.com:443/api/4/minidump/?sentry_client=sentry.native/0.6.2&sentry_key=fe16c1a9523e4ab0b3707ad66b0217dc "--attachment=c:\programdata\geocomply\player location check\4.1.0.0\com.geocomply.vm-detector-microservice\crash_dumps\45486123-14ac-448b-b329-88f65937ab5b.run\__sentry-event" "--attachment=c:\programdata\geocomply\player location check\4.1.0.0\com.geocomply.vm-detector-microservice\crash_dumps\45486123-14ac-448b-b329-88f65937ab5b.run\__sentry-breadcrumb1" "--attachment=c:\programdata\geocomply\player location check\4.1.0.0\com.geocomply.vm-detector-microservice\crash_dumps\45486123-14ac-448b-b329-88f65937ab5b.run\__sentry-breadcrumb2" --initial-client-data=0x470,0x474,0x47c,0x478,0x480,0x1656ba8,0x1656bbc,0x1656bcc
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe Process created: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe "c:\program files (x86)\geocomply\playerlocationcheck\crashhandler\crash_handler.exe" --no-rate-limit "--database=c:\programdata\geocomply\player location check\4.1.0.0\com.geocomply.wifi-scanner-microservice\crash_dumps" "--metrics-dir=c:\programdata\geocomply\player location check\4.1.0.0\com.geocomply.wifi-scanner-microservice\crash_dumps" --url=https://sentry.geocomply.com:443/api/4/minidump/?sentry_client=sentry.native/0.6.2&sentry_key=fe16c1a9523e4ab0b3707ad66b0217dc "--attachment=c:\programdata\geocomply\player location check\4.1.0.0\com.geocomply.wifi-scanner-microservice\crash_dumps\691f3630-1eca-4039-c9ce-4adfb1db20d6.run\__sentry-event" "--attachment=c:\programdata\geocomply\player location check\4.1.0.0\com.geocomply.wifi-scanner-microservice\crash_dumps\691f3630-1eca-4039-c9ce-4adfb1db20d6.run\__sentry-breadcrumb1" "--attachment=c:\programdata\geocomply\player location check\4.1.0.0\com.geocomply.wifi-scanner-microservice\crash_dumps\691f3630-1eca-4039-c9ce-4adfb1db20d6.run\__sentry-breadcrumb2" --initial-client-data=0x474,0x478,0x47c,0x468,0x480,0x1186bd0,0x1186be4,0x1186bf4
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe Process created: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe "c:\program files (x86)\geocomply\playerlocationcheck\crashhandler\crash_handler.exe" --no-rate-limit "--database=c:\programdata\geocomply\player location check\4.1.0.0\com.geocomply.internal-updater-microservice\crash_dumps" "--metrics-dir=c:\programdata\geocomply\player location check\4.1.0.0\com.geocomply.internal-updater-microservice\crash_dumps" --url=https://sentry.geocomply.com:443/api/4/minidump/?sentry_client=sentry.native/0.6.2&sentry_key=fe16c1a9523e4ab0b3707ad66b0217dc "--attachment=c:\programdata\geocomply\player location check\4.1.0.0\com.geocomply.internal-updater-microservice\crash_dumps\669c9e1a-837f-44b4-8322-734c54ad9e84.run\__sentry-event" "--attachment=c:\programdata\geocomply\player location check\4.1.0.0\com.geocomply.internal-updater-microservice\crash_dumps\669c9e1a-837f-44b4-8322-734c54ad9e84.run\__sentry-breadcrumb1" "--attachment=c:\programdata\geocomply\player location check\4.1.0.0\com.geocomply.internal-updater-microservice\crash_dumps\669c9e1a-837f-44b4-8322-734c54ad9e84.run\__sentry-breadcrumb2" --initial-client-data=0x480,0x484,0x488,0x47c,0x48c,0x1786ba8,0x1786bbc,0x1786bcc
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exeProcess created: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe "c:\program files (x86)\geocomply\playerlocationcheck\crashhandler\crash_handler.exe" --no-rate-limit "--database=c:\programdata\geocomply\player location check\4.1.0.0\service\crash_dumps" "--metrics-dir=c:\programdata\geocomply\player location check\4.1.0.0\service\crash_dumps" --url=https://sentry.geocomply.com:443/api/4/minidump/?sentry_client=sentry.native/0.6.2&sentry_key=fe16c1a9523e4ab0b3707ad66b0217dc "--attachment=c:\programdata\geocomply\player location check\4.1.0.0\service\crash_dumps\51b1be05-a7ff-45b8-865d-99baf29cee9e.run\__sentry-event" "--attachment=c:\programdata\geocomply\player location check\4.1.0.0\service\crash_dumps\51b1be05-a7ff-45b8-865d-99baf29cee9e.run\__sentry-breadcrumb1" "--attachment=c:\programdata\geocomply\player location check\4.1.0.0\service\crash_dumps\51b1be05-a7ff-45b8-865d-99baf29cee9e.run\__sentry-breadcrumb2" --initial-client-data=0x4d0,0x4d4,0x4d8,0x4cc,0x4dc,0xb90978,0xb9098c,0xb9099c
      Source: C:\Users\user\Desktop\Fanduel CO Player Location Check F.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Windows\System32\svchost.exeQueries volume information: C: VolumeInformation
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exeQueries volume information: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe VolumeInformation
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exeQueries volume information: C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.process-scanner-microservice\crash_dumps\7c81dbe1-41c9-4555-b8e4-f1a74f38ca92.run VolumeInformation
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exeQueries volume information: C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.process-scanner-microservice\crash_dumps\7c81dbe1-41c9-4555-b8e4-f1a74f38ca92.run.lock VolumeInformation
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exeQueries volume information: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe VolumeInformation
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exeQueries volume information: C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.vm-detector-microservice\crash_dumps\45486123-14ac-448b-b329-88f65937ab5b.run VolumeInformation
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exeQueries volume information: C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.vm-detector-microservice\crash_dumps\45486123-14ac-448b-b329-88f65937ab5b.run.lock VolumeInformation
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exeQueries volume information: C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.vm-detector-microservice\crash_dumps\attachments VolumeInformation
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exeQueries volume information: C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.vm-detector-microservice\crash_dumps\settings.dat VolumeInformation
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exeQueries volume information: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe VolumeInformation
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exeQueries volume information: C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.wifi-scanner-microservice\crash_dumps\691f3630-1eca-4039-c9ce-4adfb1db20d6.run VolumeInformation
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exeQueries volume information: C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.wifi-scanner-microservice\crash_dumps\691f3630-1eca-4039-c9ce-4adfb1db20d6.run.lock VolumeInformation
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exeQueries volume information: C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.wifi-scanner-microservice\crash_dumps\settings.dat VolumeInformation
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exeQueries volume information: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe VolumeInformation
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exeQueries volume information: C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.internal-updater-microservice\crash_dumps\669c9e1a-837f-44b4-8322-734c54ad9e84.run VolumeInformation
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exeQueries volume information: C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\com.geocomply.internal-updater-microservice\crash_dumps\attachments VolumeInformation
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exeQueries volume information: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exe VolumeInformation
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exeQueries volume information: C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\service\crash_dumps\51b1be05-a7ff-45b8-865d-99baf29cee9e.run VolumeInformation
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exeQueries volume information: C:\ProgramData\GeoComply\Player Location Check\4.1.0.0\service\crash_dumps\reports VolumeInformation
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\CrashHandler\crash_handler.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

      Lowering of HIPS / PFW / Operating System Security Settings

      Source: C:\Windows\System32\svchost.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cval
      Source: C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Blob
      Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
      Source: C:\Program Files\Windows Defender\MpCmdRun.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
      Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS
      Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services
      Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
      Execution: 431 Windows Management Instrumentation; 1 Command and Scripting Interpreter; 1 Scheduled Task/Job; Cron; Launchd; Scheduled Task; Systemd Timers
      Persistence: 1 Scheduled Task/Job; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items
      Privilege Escalation: 11 Process Injection; 1 Scheduled Task/Job; 1 DLL Side-Loading; Login Hook; Network Logon Script; RC Scripts; Startup Items
      Defense Evasion: 11 Masquerading; 1 Modify Registry; 55 Virtualization/Sandbox Evasion; 11 Disable or Modify Tools; 11 Process Injection; 1 Software Packing; 1 DLL Side-Loading
      Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
      Discovery: 95 Security Software Discovery; 55 Virtualization/Sandbox Evasion; 1 Process Discovery; 135 System Information Discovery; Internet Connection Discovery; Wi-Fi Discovery; Remote System Discovery
      Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
      Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture
      Command and Control: 2 Encrypted Channel; 1 Non-Application Layer Protocol; 2 Application Layer Protocol; Protocol Impersonation; Fallback Channels; Multiband Communication; Commonly Used Port
      Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel
      Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery

      Source | Detection | Scanner | Label | Link
      Fanduel CO Player Location Check F.exe | 3% | ReversingLabs | |

      Source | Detection | Scanner | Label | Link
      C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exe | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\602b-ef7b-6336-9514\PlayerLocationCheck\Application\PlayerLocationCheck.exe | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\602b-ef7b-6336-9514\PlayerLocationCheck\Application\PlayerLocationIcon.exe | 3% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\602b-ef7b-6336-9514\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\602b-ef7b-6336-9514\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\602b-ef7b-6336-9514\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\602b-ef7b-6336-9514\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\602b-ef7b-6336-9514\PlayerLocationCheck\Application\win32locationapi.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\602b-ef7b-6336-9514\PlayerLocationCheck\Application\winrtlocationapi.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\602b-ef7b-6336-9514\PlayerLocationCheck\CrashHandler\crash_handler.exe | 11% | ReversingLabs | |
      No Antivirus matches
      No Antivirus matches
      No Antivirus matches
      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      ums.geocomply.com | 34.195.184.53 | true | false | | unknown
      d292ismitxpjzw.cloudfront.net | 18.66.122.84 | true | false | | unknown
      fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | unknown
      prod-downloads.geocomply.com | unknown | unknown | false | | unknown
      IP | Domain | Country | Flag | ASN | ASN Name | Malicious
      88.221.169.152 | unknown | European Union | | 16625 | AKAMAI-ASUS | false
      34.195.184.53 | ums.geocomply.com | United States | | 14618 | AMAZON-AESUS | false
      192.229.221.95 | fp2e7a.wpc.phicdn.net | United States | | 15133 | EDGECASTUS | false
      184.28.90.27 | unknown | United States | | 16625 | AKAMAI-ASUS | false
      18.66.122.84 | d292ismitxpjzw.cloudfront.net | United States | | 3 | MIT-GATEWAYSUS | false
      34.194.204.84 | unknown | United States | | 14618 | AMAZON-AESUS | false
              IP
              127.0.0.1
              Joe Sandbox version:41.0.0 Charoite
              Analysis ID:1542299
              Start date and time:2024-10-25 19:11:28 +02:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:defaultwindowsinteractivecookbook.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed:24
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • EGA enabled
              Analysis Mode:stream
              Sample name:Fanduel CO Player Location Check F.exe
              Detection:MAL
              Classification:mal84.evad.winEXE@29/82@3/31
              Cookbook Comments:
              • Found application associated with file extension: .exe
              • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
              • Excluded IPs from analysis (whitelisted): 88.221.169.152, 192.229.221.95
              • Excluded domains from analysis (whitelisted): fs.microsoft.com, ctldl.windowsupdate.com
              • Not all processes where analyzed, report is missing behavior information
              • Report size getting too big, too many NtDeviceIoControlFile calls found.
              • Report size getting too big, too many NtOpenKeyEx calls found.
              • Report size getting too big, too many NtQueryValueKey calls found.
              • Report size getting too big, too many NtSetInformationFile calls found.
              • Timeout during stream target processing, analysis might miss dynamic analysis data
              • VT rate limit hit for: Fanduel CO Player Location Check F.exe
              Process:C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exe
              File Type:PE32 executable (console) Intel 80386, for MS Windows
              Category:dropped
              Size (bytes):0
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:
              MD5:F55B931B7BF241E3ED8C6F9DAC59FBA3
              SHA1:47F5BE374F0CF500C96DEAC933D2E926DC0D2139
              SHA-256:C43D43A19A37ECD9C02C04D326C9BB8A5E2A9ED6AC3E84E9613DF9B343A020BF
              SHA-512:22A1D019DFBF6A636780B516A529EFDC1FB6F17D15712D77BF3355A027614D73D53561EBA267E3CBA27E660CD241D8264913BF4779E5DF38E1ACA99F0DF9EF26
              Malicious:true
              Reputation:unknown
              Process:C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exe
              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
              Category:dropped
              Size (bytes):0
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:
              MD5:57825971D603090D7500C4C96500966E
              SHA1:BCF23DB5FDF0E267EC8416AF01ACCAD1F0679342
              SHA-256:5B5303C4DE53D0CD36B3396E290C2BDA4BA8688A3EEAD74E6DF39F4B53481067
              SHA-512:8492BEF73452838732E942F2967AC92626FDE8B601C2E96198860F47F3663657DA492B7566C40F0E34553B977888C85F247BA1A876C7179CABA1566597CA0B5C
              Malicious:true
              Reputation:unknown
              Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.......q.!.5.O.5.O.5.O.~.L.&.O.~.J..O.S..3.O.g.K.&.O.g.L.,.O...7.O...J...O...J.:.O...K..O.~.K.,.O.~.N...O.5.N...O.g.J.X.O.~.I.4.O...F.Z.O....4.O.5..4.O...M.4.O.Rich5.O.................PE..L.....hf.................nA.........X........A...@.......................... ........`...@...................................U.......U.`............p_.. ...........PU.T...................H.U..................................................... .mA......................... ..` ]....A.....................@..@ ......O..>....$.............@... .....Q.......%.............@..@ 8....@R.......%.............@..B.debug.......PU......h'.............@..@.vm_sec..@...`U..@...n'.............@....idata........U.......'.............@....tls..........U.......'..................rsrc.........U.......'.............@..@.winlice..W..pV......^(.............`...
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 12, database pages 15, cookie 0x8, schema 4, UTF-8, version-valid-for 12
              Category:dropped
              Size (bytes):61440
              Entropy (8bit):5.504452205408694
              Encrypted:false
              SSDEEP:
              MD5:14CCDEFD1EC55BB252A3B70D0702A8EB
              SHA1:BEAB5CCFF8CDE7188E561E6A8A5B6FB24F864479
              SHA-256:A43215F21BA241FCBA7E4DEAA231B7B1E26469B94B960D65444947CC69C5A10F
              SHA-512:F29D7BC0D35BCB2C0A58114ABE89A61AFFF73A6C6D2DE06833076CF4028EA07F50A032B8A2A8D7469569497A70B3085FB12DCCA096741FC55DE8BAA8EC86E652
              Malicious:false
              Reputation:unknown
              Preview:SQLite format 3......@ ..........................................................................j...j........6...8.r...!.1.........................................................................................................................................................................................................................................................................................................................................j...==..kviewConnectedClientsInfoViewConnectedClientsInfoViewCREATE VIEW ConnectedClientsInfoView AS. SELECT *,. ((strftime('%Y-%m-%d %H:%M:%S.', substr(ConnectedClientsInfo.last_modify_timestamp,1,10), 'unixepoch')) || substr(ConnectedClientsInfo.last_modify_timestamp,-3)) as human_last_modified_timestamp. FROM ConnectedClientsInfo.....O5...triggerConnectedClientsInfoUpdateTriggerConnectedClientsInfoCREATE TRIGGER ConnectedClientsInfoUpdateTrigger AFTER UPDATE ON ConnectedClientsInfo. BEGIN. U
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
              File Type:SQLite Rollback Journal
              Category:dropped
              Size (bytes):8720
              Entropy (8bit):3.554628317199766
              Encrypted:false
              SSDEEP:
              MD5:6622249E854ED4292BCEC04179F4CF78
              SHA1:B2E480CCE3495AB9E1DE9539238636D56DDE9B42
              SHA-256:0A47A62F85B1439FDD3B303CBBBB57B80E343D49D514D8EDE07DD3058A296251
              SHA-512:5DB8D984017AECD84C73FBF94A4548A0BD59D481ECCF63CFFDAC9CCBA354EADB82B7532CF0F59585DC560A18536FD8A10C18A36B3A86FDE2DADFF2A372683C39
              Malicious:false
              Reputation:unknown
              Process:C:\Users\user\Desktop\Fanduel CO Player Location Check F.exe
              File Type:SQLite Rollback Journal
              Category:dropped
              Size (bytes):4616
              Entropy (8bit):0.1384465837476566
              Encrypted:false
              SSDEEP:
              MD5:42BA123CBC703A265160624D20DAA256
              SHA1:D611C91FC87259C1C039E07572A3A619473A9C3E
              SHA-256:A48BCC4C72FB31C0EE23823C3658B0039D4A2A2785ED5AAE3AFA0E56253DAF5A
              SHA-512:38121462A2D14081DD6D8BDB1E5EA283CEC8A1C48C0BD0610B29C24FDE05FFC3A6703D153A35EA5E2A58C4E5D0B101876D673D3BC77526FA49DC3DA1FB90D04C
              Malicious:false
              Reputation:unknown
              Process:C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exe
              File Type:SQLite Rollback Journal
              Category:dropped
              Size (bytes):4616
              Entropy (8bit):0.13784977103055013
              Encrypted:false
              SSDEEP:
              MD5:DF000DB5AB124C93A7D29258C6360BC5
              SHA1:D5A92EBA160B2234542E499EFB72E57EF2CF6736
              SHA-256:9FE422D59D09698FBCBE79537AB5AB93638EAF5A072FA7D4821A55524E1A1630
              SHA-512:C2CA4174E112FE2643BF7BA36E2DA61A1D9C6F386CF9A31F4A5C622F37772C4499BEF7F0DA7E6E84B1C4DF965F66DC7A3744F5D3708CD49B1B655AB5F0E373B7
              Malicious:false
              Reputation:unknown
              Process:C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exe
              File Type:data
              Category:dropped
              Size (bytes):32768
              Entropy (8bit):0.11728739871872719
              Encrypted:false
              SSDEEP:
              MD5:19923FAC6DBBC4AAE755A0C01306FC55
              SHA1:A0236B6AF1797190F5E4F0D7CD54BB230027DE83
              SHA-256:6A35405920C6D84BE830C8797F07C55FC7379DFF5E2D4ABA4D31083B3E96BF4C
              SHA-512:6DE40E1071A1FD112445CA8E20B4231EB6176F64C88B62C8A9B02ACFB26F6B64D927DB953A422AACC9395048331A726910C4DFCB82CFB00455C67A1AB9A84F20
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\PlayerLocationIcon.exe
              File Type:SQLite 3.x database, last written using SQLite version 3042000, writer version 2, read version 2, file counter 3, database pages 5, cookie 0x3, schema 4, largest root page 5, UTF-8, version-valid-for 3
              Category:dropped
              Size (bytes):20480
              Entropy (8bit):0.6716471377657601
              Encrypted:false
              SSDEEP:
              MD5:9F3D1285DF43DA51BD5216C5DF4AC687
              SHA1:C72B06702DE6F924F95ACFDDB464BAECD7663D39
              SHA-256:C3FDAC0B4355A2997DEB6D3A56F28B52C2D09F699A58932905104AAB133051F1
              SHA-512:4C52F41529FAF51D72F5703EA94D1B3E60B153EAA0A4B261732C12F774ED8CCD84CAF4608BF5937994C7389B816DEA92FE0D88C5D4DC5C58A3A740B4C946B8AA
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\PlayerLocationIcon.exe
              File Type:SQLite Rollback Journal
              Category:dropped
              Size (bytes):4616
              Entropy (8bit):0.1378497710305501
              Encrypted:false
              SSDEEP:
              MD5:1DD8DF41D4AFFE3F3117850BBFF95118
              SHA1:56490E37BBD9A4533BF6D28D0595C13E613FC323
              SHA-256:4111CB9FFCBBD88E7E50EEC49EFD871FF3105D643110BDAE0BC992F56831498E
              SHA-512:8FCDFA0776C9E60EC64133014DE9488DA0F561789798D3E31AF6A30A46F86763AA95C29809CFD30636CA9AB80F3C8B5367C12257B210186D1694E5BFEB599146
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\PlayerLocationIcon.exe
              File Type:data
              Category:dropped
              Size (bytes):32768
              Entropy (8bit):0.04005725521629677
              Encrypted:false
              SSDEEP:
              MD5:B7FE339CF88DA66D95FD19C1E167EC48
              SHA1:026E4F7ED8CDEF99E6688ADD5EA30B2477E2EDA0
              SHA-256:606EADC276FECC3A00213A0D43E688C27D92B78332A4DCB31B1C61556F303146
              SHA-512:219F8D8D468E572E9111AFD50E91D4D2F366E87560C8585F0AE0BCE98A8481B159533EEB5AD3CC79FF1FE42116434E45077B21576B5E26EB1E4AC4785F240B30
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\PlayerLocationIcon.exe
              File Type:SQLite Write-Ahead Log, version 3007000
              Category:dropped
              Size (bytes):24752
              Entropy (8bit):0.838347475333276
              Encrypted:false
              SSDEEP:
              MD5:949C2333DFD265E43B76165DC376B639
              SHA1:18790C5F2310D0CF965D45AA09CC9FD1217D6036
              SHA-256:8FE273685D6F1F3A26754683E30C3D876B585887AE2F87ACE70322E60F2DDD1B
              SHA-512:1C2D44AD44B50921DDB5BC0A3A76E45CA981CE1EF35D7B2F178A52D0ED750D4562F6A7DA678C68DF4077807A5043074256D18E2AF934FBF9F03555220B893A32
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe
              File Type:data
              Category:dropped
              Size (bytes):1609
              Entropy (8bit):5.720666953651039
              Encrypted:false
              SSDEEP:
              MD5:330B0E4973AE3E5C0E4FA5AFE3B51E5B
              SHA1:4BBE3FCC40F5E79B6C9C9FD21E45818716E36C25
              SHA-256:07676CC253C91D52D2246CAC69483A696890E12C6A3086019B0A46F15B59E600
              SHA-512:30AE6A9C3E1CE43C9D0DCE9911E78B547EE7416981421872AF982E66A07E0B8BD53854DC3AE3E667805835969354C34801768462DEA11D99FB693F153485D1F3
              Malicious:false
              Reputation:unknown
              Preview:..platform.native.release.4.1.0.0_g4199df17.environment.production.level.error.user..id.5A270FD98-4CB88451-2B900E3F-55DD2D18-C94D5125-AFDBAC0D.sdk..name.sentry.native.version.0.6.2.packages...name.github:getsentry/sentry-native.version.0.6.2.integrations..crashpad.tags..service.+com.geocomply.internal-updater-microservice.version.4.1.0.0.device_uuid.5A270FD98-4CB88451-2B900E3F-55DD2D18-C94D5125-AFDBAC0D.device_uuid_v2.55693D980-51547F84-D602A0AE-9346F745-5C237AF3-CF3E6CF8.device_uuid_v3.55693D980-51547F84-D602A0AE-9346F745-5C237AF3-CF3E6CF8.plc_os.*Microsoft Windows 10 (build 19045), 64-bit.mac_address.ec:f4:bb:ff:25:8a.solution.Windows PLC v.4.1.0.0.build_type.release.extra..details..:{"version":"1.0.0","sys_info":{"os_serial_number":"00330-81623-10244-AA021","volume_serial_number":"B81A4609","motherboard":{"manufacturer":"AOMZE7H2L4","product":"CB8YD8CCW8","serial_number":"7369695092380500"},"bios":{"caption":"VMW201.00V.21805430.B64.2305221830","serial_number":"XK537MVW5M","version"
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe
              File Type:JSON data
              Category:modified
              Size (bytes):266
              Entropy (8bit):4.957777316748838
              Encrypted:false
              SSDEEP:
              MD5:5EBA98BB727A3C99FB62768900F3E5C4
              SHA1:D3ED4EA6674378E767EC62455379B0D7BA7D3B94
              SHA-256:32C076C03A9FE2683B2832420CF56C08AF313F9EB2B73EA5FFA4E0DFFBCBBC06
              SHA-512:AF8797AA913A6C970E877F6024F4286CEE990C50FC4863E3609125E31403C90AA44821A8B900FC94F4331798968408715189D7976E55FB05E7E4EFF2E4402450
              Malicious:false
              Reputation:unknown
              Preview:{"init":true,"sid":"f470e282-47da-4007-6d22-dd3271ad6cc9","status":"ok","did":"A270FD98-4CB88451-2B900E3F-55DD2D18-C94D5125-AFDBAC0D","errors":0,"started":"2024-10-25T17:13:44.643Z","duration":0.447,"attrs":{"release":"4.1.0.0_g4199df17","environment":"production"}}
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe
              File Type:data
              Category:dropped
              Size (bytes):40
              Entropy (8bit):3.3454618442383204
              Encrypted:false
              SSDEEP:
              MD5:64819F155BCC790688FC3A335D987F58
              SHA1:DCBBB36B0AB484B2D73E57758633D81DA4438FA6
              SHA-256:01C03ADC44C6C5F9F295DBCA2E5CEC617274B76C7A47F15DE35AADAEE1CA6864
              SHA-512:4AA950686DAB8AC7F70AA68F83B77E6B2A7C3B4CA5A19575F4CAA7CD4DC211EF312BEE535E9454192D43E84170F74484A3F7A053C90903709A6890B9966F1AAF
              Malicious:false
              Reputation:unknown
              Preview:sdPC........................-.I.R4...o.
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe
              File Type:SQLite 3.x database, last written using SQLite version 3042000, writer version 2, read version 2, file counter 3, database pages 5, cookie 0x3, schema 4, largest root page 5, UTF-8, version-valid-for 3
              Category:dropped
              Size (bytes):20480
              Entropy (8bit):0.6723562400575985
              Encrypted:false
              SSDEEP:
              MD5:11BCADBA636D3E04392902B132609F16
              SHA1:30609A54C046A0DDC58E6A20845EAF42C7F0B245
              SHA-256:26121253FBF1B3D3C89D5DDEEEE0F870B7075FF763B53F6333DFE65812D95FC1
              SHA-512:002C9CD26229A1DC079918E1B966484E16717FCAD8F308648153C3B20111A5CAFF2560046B377C68A2F305659917E9E54C60420A97FC8BCFFD49FB5A03ADDB58
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe
              File Type:SQLite Rollback Journal
              Category:dropped
              Size (bytes):4616
              Entropy (8bit):0.1384465837476566
              Encrypted:false
              SSDEEP:
              MD5:81E1A35DF85D73535977D14D60DF894F
              SHA1:8E33E1EF9F44F48BA090FA62EC901AA7403774AD
              SHA-256:A1F2A6C3C6D8043CDC518402964A50762E1AC63D69EF446CF64A760FF44846CB
              SHA-512:147F875DB85E9000318D4E405C4E182DEEBD271D8F3AA5FBE55BFD9213650E7A1BE000E60536A1B39D956C8D772D7036F45F21EC92B2E8365BA156FF76FBA8F3
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe
              File Type:data
              Category:dropped
              Size (bytes):32768
              Entropy (8bit):0.04001118053965105
              Encrypted:false
              SSDEEP:
              MD5:0D8C555A02A2C9AB27A44B46AA9F27C0
              SHA1:226AA8499062E0081630497574AA29AACED3D880
              SHA-256:0E0FA0FE81E4ACC329FCEFF4A60C9F66E200D45A9558B529E910ECB15FAD972B
              SHA-512:0E23C406CB18464EECF60A9D501DEF8ECFB3DF7B03880E9552ACFDB9F78FA65A64BF2CA5757377A47E0A75E0CE987D502ABCC7FB1644F12ACD1920413F8A11F1
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe
              File Type:SQLite Write-Ahead Log, version 3007000
              Category:dropped
              Size (bytes):24752
              Entropy (8bit):0.8347385336105629
              Encrypted:false
              SSDEEP:
              MD5:1D3CC6C489D1408DE453C6FE17666ED7
              SHA1:48E9021E11F8FB73D2C9FFB635668A1737B1497B
              SHA-256:F33ABBB3041FC54F8892C1625EF0C849AEA13404C2ECA1521A300251728E119D
              SHA-512:8BD1FD0DC2E118310960D5BC80A6D24FEFDD912367C5037A643D8E3500FDF0D59D7C0AAA973708249226DAA44B696C8D3794FC96680EC09F368AAF145073AE5D
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe
              File Type:data
              Category:modified
              Size (bytes):1608
              Entropy (8bit):5.719122033749891
              Encrypted:false
              SSDEEP:
              MD5:1A46507D6D4A9BF23DD0D023E5EF2002
              SHA1:5CB280D6903823E113B4DC85F15EC8D516ABF982
              SHA-256:4B23427A7C29E3775C7A3BE9D19DF395F1D16F74330A18A8C86351F7505A8E8B
              SHA-512:7EFB5E9331F549AD8FB2801EE99DB6A4F4ECA14130516D6E924EC9668D26F78808FE06D8068CB94BB2E4FF3E6CBB678F94541F93C20FFB4813D196B24EEA3958
              Malicious:false
              Reputation:unknown
              Preview:..platform.native.release.4.1.0.0_g4199df17.environment.production.level.error.user..id.5A270FD98-4CB88451-2B900E3F-55DD2D18-C94D5125-AFDBAC0D.sdk..name.sentry.native.version.0.6.2.packages...name.github:getsentry/sentry-native.version.0.6.2.integrations..crashpad.tags..service.*com.geocomply.process-scanner-microservice.version.4.1.0.0.device_uuid.5A270FD98-4CB88451-2B900E3F-55DD2D18-C94D5125-AFDBAC0D.device_uuid_v2.55693D980-51547F84-D602A0AE-9346F745-5C237AF3-CF3E6CF8.device_uuid_v3.55693D980-51547F84-D602A0AE-9346F745-5C237AF3-CF3E6CF8.plc_os.*Microsoft Windows 10 (build 19045), 64-bit.mac_address.ec:f4:bb:ff:25:8a.solution.Windows PLC v.4.1.0.0.build_type.release.extra..details..:{"version":"1.0.0","sys_info":{"os_serial_number":"00330-81623-10244-AA021","volume_serial_number":"B81A4609","motherboard":{"manufacturer":"AOMZE7H2L4","product":"CB8YD8CCW8","serial_number":"7369695092380500"},"bios":{"caption":"VMW201.00V.21805430.B64.2305221830","serial_number":"XK537MVW5M","version":
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):266
              Entropy (8bit):4.997195828562238
              Encrypted:false
              SSDEEP:
              MD5:CEAE61BE98CB6EB57E9DE30CA38CED2B
              SHA1:56F60E0E05370A1C4236C8494A276E181E1BA244
              SHA-256:587A3B7B348ADECC94E22A3B9D43B6F26AD7943DD5CEF5193A93A4ABCAF149DF
              SHA-512:08535018E4E633FD03BFC22FA75995494692FC1CB39D2CD1732EBC059841D03CDF06007844561BF11232E3225DAA6172EE4F8356670170DF6E073A94F26922A0
              Malicious:false
              Reputation:unknown
              Preview:{"init":true,"sid":"3e622c63-c5e1-4e98-3e9b-8f453aedb789","status":"ok","did":"A270FD98-4CB88451-2B900E3F-55DD2D18-C94D5125-AFDBAC0D","errors":0,"started":"2024-10-25T17:13:29.192Z","duration":0.096,"attrs":{"release":"4.1.0.0_g4199df17","environment":"production"}}
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe
              File Type:data
              Category:dropped
              Size (bytes):40
              Entropy (8bit):3.3454618442383204
              Encrypted:false
              SSDEEP:
              MD5:BE2B38B77CF0E510587D68ADC2166493
              SHA1:C04D7D840EB953AD656E806F5B999DF15B744DB6
              SHA-256:5225A0CE758E1E7EB33C47DFFF0469F2B096637DBE18371FC62783BBD0E205A8
              SHA-512:8DA0C0B1E9FD07D57442F470C61270DFBCCEF2903B5D7FAE86ECBFCAA3CB155CB2EC4C43B9E02B8E6C285FEA8ABCA9FDA948658E82CF916906840A975EACD292
              Malicious:false
              Reputation:unknown
              Preview:sdPC.....................u.E..}A..B...
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe
              File Type:SQLite 3.x database, last written using SQLite version 3042000, writer version 2, read version 2, file counter 3, database pages 5, cookie 0x3, schema 4, largest root page 5, UTF-8, version-valid-for 3
              Category:dropped
              Size (bytes):20480
              Entropy (8bit):0.6712621393927913
              Encrypted:false
              SSDEEP:
              MD5:94BD70A4F1AB06E783A74ED0ADE94467
              SHA1:A9D95FF94167EE47D5EA84F5452F6A9B669CF414
              SHA-256:8A0323638AAB4051A31094B4E95F751626273CB9F3DE3ED6A23418D4B622DBAC
              SHA-512:B9A461F9FC7E818849C814F7D7CA419BFC0DCD846E3AC986BBD2339205E1B98F8F4B1F64C14D41A18F817F66277DE83E6C08851E2B5145AA6B368D453004BFEB
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe
              File Type:SQLite Rollback Journal
              Category:dropped
              Size (bytes):4616
              Entropy (8bit):0.13784977103055013
              Encrypted:false
              SSDEEP:
              MD5:8106DD3596940B721757DCDE02F732E6
              SHA1:E4D241FEE68318D071B1818F654C9FCEB27571E8
              SHA-256:24605E1A38B8D41DCFA3A4485BA7211C5CEB6BE0669A047B835C700D6473456C
              SHA-512:C7E563DDC3177534D14951B94BF1BD7FC62E2C7B337FA74AC2DECAF462CD17FD20BDC8A658AE202B361A54D496BF0F0664B6095CD952622454D4AC2FB5855F5C
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe
              File Type:data
              Category:dropped
              Size (bytes):32768
              Entropy (8bit):0.04188161322970467
              Encrypted:false
              SSDEEP:
              MD5:99DEE40F72ABDDDAEF73B0B6925EF9BC
              SHA1:BE012D6C3D5D58B470666BA21FB1616F4F7839EF
              SHA-256:511559ED3D7775409856CD252CFB70D4022B90B3E93F367246999D929CD28AC9
              SHA-512:134A348D6780CDB96ED4E5D3EAE2B7E4D3A162DA06589BC5CA25BBB6867332EBD04C140093593BC9CC5EC5CCE53E7BA1EB58DF1C1CB51144ECCDDD321B36851C
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe
              File Type:SQLite Write-Ahead Log, version 3007000
              Category:dropped
              Size (bytes):32992
              Entropy (8bit):0.8957474176369724
              Encrypted:false
              SSDEEP:
              MD5:136E567DACFB99CA25846BDA959AB848
              SHA1:E3B07E23270BF0ECE1E5F513A366F9878632CCE9
              SHA-256:331C2762753CD48DD5E25CD6CCE8200D3CC05C24384A3A308A3892CCB4815857
              SHA-512:F664E2B408C157446A27DA5B576D10B337520A85599A9F4BD5F982809EBF2F6587BB2B21820AC6D6FA8F5C517D55D26813AF1AEFA2073FAADEC94532B132F3AD
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe
              File Type:data
              Category:modified
              Size (bytes):1604
              Entropy (8bit):5.723210626279451
              Encrypted:false
              SSDEEP:
              MD5:5AEF9B0B7DBC59061007ABD8FC5DA838
              SHA1:0F959BCDFFA7A3ADB8A0DC330288DA73602B9A64
              SHA-256:9286D283E87EFCDFAA8A543429B9CED92E79B6BB86603C47B3588B49BD7FAB1C
              SHA-512:7264D98B63AD7FA47D1D091BC26F0199C003628090E80F0DC94B44D88252000F8184661212C798EDE6D72792FA402E624C594DDD7992C987203B19BA8E2E41BB
              Malicious:false
              Reputation:unknown
              Preview:..platform.native.release.4.1.0.0_g4199df17.environment.production.level.error.user..id.5A270FD98-4CB88451-2B900E3F-55DD2D18-C94D5125-AFDBAC0D.sdk..name.sentry.native.version.0.6.2.packages...name.github:getsentry/sentry-native.version.0.6.2.integrations..crashpad.tags..service.&com.geocomply.vm-detector-microservice.version.4.1.0.0.device_uuid.5A270FD98-4CB88451-2B900E3F-55DD2D18-C94D5125-AFDBAC0D.device_uuid_v2.55693D980-51547F84-D602A0AE-9346F745-5C237AF3-CF3E6CF8.device_uuid_v3.55693D980-51547F84-D602A0AE-9346F745-5C237AF3-CF3E6CF8.plc_os.*Microsoft Windows 10 (build 19045), 64-bit.mac_address.ec:f4:bb:ff:25:8a.solution.Windows PLC v.4.1.0.0.build_type.release.extra..details..:{"version":"1.0.0","sys_info":{"os_serial_number":"00330-81623-10244-AA021","volume_serial_number":"B81A4609","motherboard":{"manufacturer":"AOMZE7H2L4","product":"CB8YD8CCW8","serial_number":"7369695092380500"},"bios":{"caption":"VMW201.00V.21805430.B64.2305221830","serial_number":"XK537MVW5M","version":"M4D
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):266
              Entropy (8bit):5.004698830436044
              Encrypted:false
              SSDEEP:
              MD5:336E0AC222C181F81A09E2E1EC127027
              SHA1:DDC1956C3378D371CA1199AA15DC09DCB1D22BC7
              SHA-256:9B066C313AFDE3CA49B2AA2CB81B4CE57CBC1D66F63A4B471F9C9F5B3439E59B
              SHA-512:6438955F8A7933A73E421F70E5FC7EA5CAD5B50756E920D5EAC23A06E6C749CA362C439FC17BCF49D985CA03C80F4C3157F8A0517958187502593AA2E07439AA
              Malicious:false
              Reputation:unknown
              Preview:{"init":true,"sid":"f05406cc-11c3-44f0-41bf-2abec7d60acf","status":"ok","did":"A270FD98-4CB88451-2B900E3F-55DD2D18-C94D5125-AFDBAC0D","errors":0,"started":"2024-10-25T17:13:32.755Z","duration":0.351,"attrs":{"release":"4.1.0.0_g4199df17","environment":"production"}}
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe
              File Type:data
              Category:dropped
              Size (bytes):40
              Entropy (8bit):3.39546184423832
              Encrypted:false
              SSDEEP:
              MD5:56DA368E2603AC9B36135D997874E72A
              SHA1:FE82278B3AE4D1C134A542AE122C89E83A704D90
              SHA-256:245B2BAD2092D37B10F74FF96C4526F56A8CB22590692EAFACC9E8BFCFD78739
              SHA-512:A9BA7E731FD1CC2AAD6E2EEEE35CC09C1B1FAF8E3114F8107588614834C759B404C292C43D11337D437652DD43FAADFD43F3E868143873A02583F3A2F7F20B24
              Malicious:false
              Reputation:unknown
              Preview:sdPC.....................F2..o*L..a\.!.
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe
              File Type:SQLite 3.x database, last written using SQLite version 3042000, writer version 2, read version 2, file counter 3, database pages 5, cookie 0x3, schema 4, largest root page 5, UTF-8, version-valid-for 3
              Category:dropped
              Size (bytes):20480
              Entropy (8bit):0.6722366902033163
              Encrypted:false
              SSDEEP:
              MD5:1CCBDFBF7A83CF4AE457FD35B416C10E
              SHA1:5D2892FBE9B2F3FD6173E850BC5D303D1B3B8DC6
              SHA-256:5CEC6725B37E750620CBDE9901B00F79DD40B0BF7F74B031DF03765F68B00C6C
              SHA-512:D5D38BAA99B4EB7FFD0A1F33F601E0976D00232F5179DFFB51E45E556F172ACC12A5D610F95D34BA3F2741C90668B721FA4E4C50C0654F05AC46694BC571113A
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe
              File Type:SQLite Rollback Journal
              Category:dropped
              Size (bytes):4616
              Entropy (8bit):0.13725295831344367
              Encrypted:false
              SSDEEP:
              MD5:3086B18257305BB77A90BBD5E7309B27
              SHA1:49B7A8AEA51ECA75A0D3612209ADF3B1A3E157F2
              SHA-256:D7337E41E1BAC1DF7468A1EBE19EE194BD0E789D447A9636352DA388173304D5
              SHA-512:A01D04F3690D9313C3F2ECB538DC19B32D32960390AB788DA44D2007021FFBFEFE565A80B7F9270AFCB5B34225FD6D79E0B1D76CFE888281A55C37149702D545
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe
              File Type:data
              Category:dropped
              Size (bytes):32768
              Entropy (8bit):0.04001118053965105
              Encrypted:false
              SSDEEP:
              MD5:27A7C4CD5158EC4287C489959FAACC48
              SHA1:3C2DE182BED619CB8EF0EA39BCFA2D57F1101A84
              SHA-256:067BCF9CA94E599235DB6059CF351C01B7A1D0F952424645A9BC129A80E417E8
              SHA-512:F4D221A074E8CFACFA39A1E35406184D917896D12D43F86D6003500F3007EE1A32828B1D498A25AA7B8B09984A2243FD0731287989B7F382C07CB0F4D9DB9EC8
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe
              File Type:SQLite Write-Ahead Log, version 3007000
              Category:dropped
              Size (bytes):24752
              Entropy (8bit):0.8333742606012631
              Encrypted:false
              SSDEEP:
              MD5:767AB6B3ED55ED4580E38F84D539A208
              SHA1:DCAD2028A6AAA7FD8626A72765760DFF2C2008F4
              SHA-256:2D05EC20D8A98C05B26C6DBD6E1957F2D31E7B071F2C901E24DA0DB15FA6278B
              SHA-512:F19DE3523E6F7F12E5A197474AA94062A0A7CA6A6AEFA942025001FB222C205FA4B4A0032C2A4119D8A41DDC3B3CABAEFFC0C1F57DE4E0C14AFA925208CF6CAC
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe
              File Type:data
              Category:modified
              Size (bytes):1605
              Entropy (8bit):5.724199378254114
              Encrypted:false
              SSDEEP:
              MD5:C19A01AEE1AF1F39832A3ED41B62DD4A
              SHA1:B4B3273863528E97050BBB46313F8E63476E92BB
              SHA-256:2542B8EDDC0070800D42D352880E3DC94AD74341BEE91660FF4D5FF70CD6BCE6
              SHA-512:96FF49FC92CFA095F853BF4DE84E7BD3AC7F70D7591F1149D84DA931ACF094644D3F1DCBE33E069AB39335FDF230E2A4926615BB344A8FA1CF47D32EC332E8F7
              Malicious:false
              Reputation:unknown
              Preview:..platform.native.release.4.1.0.0_g4199df17.environment.production.level.error.user..id.5A270FD98-4CB88451-2B900E3F-55DD2D18-C94D5125-AFDBAC0D.sdk..name.sentry.native.version.0.6.2.packages...name.github:getsentry/sentry-native.version.0.6.2.integrations..crashpad.tags..service.'com.geocomply.wifi-scanner-microservice.version.4.1.0.0.device_uuid.5A270FD98-4CB88451-2B900E3F-55DD2D18-C94D5125-AFDBAC0D.device_uuid_v2.55693D980-51547F84-D602A0AE-9346F745-5C237AF3-CF3E6CF8.device_uuid_v3.55693D980-51547F84-D602A0AE-9346F745-5C237AF3-CF3E6CF8.plc_os.*Microsoft Windows 10 (build 19045), 64-bit.mac_address.ec:f4:bb:ff:25:8a.solution.Windows PLC v.4.1.0.0.build_type.release.extra..details..:{"version":"1.0.0","sys_info":{"os_serial_number":"00330-81623-10244-AA021","volume_serial_number":"B81A4609","motherboard":{"manufacturer":"AOMZE7H2L4","product":"CB8YD8CCW8","serial_number":"7369695092380500"},"bios":{"caption":"VMW201.00V.21805430.B64.2305221830","serial_number":"XK537MVW5M","version":"M4
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):266
              Entropy (8bit):5.0079016556319305
              Encrypted:false
              SSDEEP:
              MD5:D7A4F38364CC91F7273F516E616A33AC
              SHA1:00640F26704AF2F7AD1C181E4C7E3A62CE12D8AD
              SHA-256:BAA9739B62A6E3B83A473FA937E13CDCCE04C07D63151420489B7F2C1745A726
              SHA-512:FD8FFB2A2244A4209B9F161EA6F38261E4CDD18EA379DA3E38D7E98AEDA3C91F9ED44FB38959D600C60E47C1D89400DE5BB288B771D05D37D99309C3BACE1CED
              Malicious:false
              Reputation:unknown
              Preview:{"init":true,"sid":"9162749b-493c-4577-e5bd-aab3c3b5bf91","status":"ok","did":"A270FD98-4CB88451-2B900E3F-55DD2D18-C94D5125-AFDBAC0D","errors":0,"started":"2024-10-25T17:13:38.118Z","duration":0.447,"attrs":{"release":"4.1.0.0_g4199df17","environment":"production"}}
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe
              File Type:data
              Category:dropped
              Size (bytes):40
              Entropy (8bit):3.39546184423832
              Encrypted:false
              SSDEEP:
              MD5:90B1AAD5C1C2A409B17247B183EA11D4
              SHA1:C3DBC937CAFDB56794A43F933C902C7CCED5B1C0
              SHA-256:E258907F6C2C0C4227682787775F20EAA177683E8F6BF147BA25F36CD91E1099
              SHA-512:571E62D78268399ADE840CA9F6902959A438E7C88E20852F581120DB490641125DCF4FC8EC610EDDF0CF2BF928BD078D977DF5399C65417EC6630E07495DF3D6
              Malicious:false
              Reputation:unknown
              Preview:sdPC....................Xi..S.UK..}....r
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe
              File Type:SQLite 3.x database, last written using SQLite version 3042000, writer version 2, read version 2, file counter 3, database pages 5, cookie 0x3, schema 4, largest root page 5, UTF-8, version-valid-for 3
              Category:dropped
              Size (bytes):20480
              Entropy (8bit):0.6717192504757241
              Encrypted:false
              SSDEEP:
              MD5:38E436758F1B0DA9C7822753B9715624
              SHA1:B64DF3DF0B51F20CE09B56B98A072DA6F19F4D27
              SHA-256:45E606FD7DDD2A9349CE9B49EA8A174B463EDB6A4CF93FE6B0AC48599149D170
              SHA-512:2580786991084AC82FEE966D6631DB1EA72D586DC97FA3782EC6A0CF6072226309607772A349063AA1B1C6E765C17C4C37F0312B340C732572A387E8A36822C5
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe
              File Type:SQLite Rollback Journal
              Category:dropped
              Size (bytes):4616
              Entropy (8bit):0.13681650948595175
              Encrypted:false
              SSDEEP:
              MD5:A6BE25DA56A9FBC6C5E8BE0CE8573860
              SHA1:46B95179C38F840E77C5CAA4108632CFEC89DEDC
              SHA-256:1AE285445BB39127EC2A0B3C9E0BD9F5664D95CDDB17E1F3D5CDB5105A0E7300
              SHA-512:965CA73E9CDA53C4985FC3090F6BB3C026F52FCDBF8E408697374C4F7C1E085C60FD0916CB23294A7E8A9331A0F48DEEC46482166E6CA5D6B0FEE61C1992DB3E
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe
              File Type:data
              Category:dropped
              Size (bytes):32768
              Entropy (8bit):0.04017932552879677
              Encrypted:false
              SSDEEP:
              MD5:FBA403F4D52AA76F44D43983F1245A34
              SHA1:420281E6BB427751D3FCD24A213D7BA0642C614C
              SHA-256:0E9A4663C37EA84B424B8996F3712F02875F94FD45688E9CB28C0A01768DCCA8
              SHA-512:1F990F24D1FEF66E90250E7CF79695314BA183D09B2EA18B61D4F19C408DF7C280C70E960FC30CE1D976B505958F2D4673314252958843AD4832586956CCD34F
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe
              File Type:SQLite Write-Ahead Log, version 3007000
              Category:dropped
              Size (bytes):24752
              Entropy (8bit):0.8355875907858177
              Encrypted:false
              SSDEEP:
              MD5:64F4E1B1317163A5980782A3A7E095D8
              SHA1:3C757255F26929CA4C04C1D0354574DBA97BF6B1
              SHA-256:B3B459B154C4F6F8EF2648FA9B2CFBD407EE73277E590D1BF1C125E65E02E35B
              SHA-512:2F581A768A55DE396C6E5B0446B4A83F1A92C468004624335E0B7795E4020B75BAF079DE3FE3DECDEA0D8351E17475009915BBB915A9078E83818FA3952F312B
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
              File Type:data
              Category:dropped
              Size (bytes):1586
              Entropy (8bit):5.730622561177221
              Encrypted:false
              SSDEEP:
              MD5:90B000D7FEAA99E7473B7499A3D82D88
              SHA1:4C657923E2C06A7B5EC435EBC50CE01F269AF808
              SHA-256:8DFEDD3BA1B49C58E093FF59DF35A7BBB0273936B63226066B0AD7CA4655629D
              SHA-512:3784943833D34D085D92F2A647882CB3B334A3011CD0B7F8140778091E9B484F2D8FFA57204A492E1098465A3D0FA53BE3B5B464A1DD2705989A077BAABE3D39
              Malicious:false
              Reputation:unknown
              Preview:..platform.native.release.4.1.0.0_g4199df17.environment.production.level.error.user..id.5A270FD98-4CB88451-2B900E3F-55DD2D18-C94D5125-AFDBAC0D.sdk..name.sentry.native.version.0.6.2.packages...name.github:getsentry/sentry-native.version.0.6.2.integrations..crashpad.tags..service.Player Location Check.version.4.1.0.0.device_uuid.5A270FD98-4CB88451-2B900E3F-55DD2D18-C94D5125-AFDBAC0D.device_uuid_v2.55693D980-51547F84-D602A0AE-9346F745-5C237AF3-CF3E6CF8.device_uuid_v3.55693D980-51547F84-D602A0AE-9346F745-5C237AF3-CF3E6CF8.plc_os.*Microsoft Windows 10 (build 19045), 64-bit.mac_address.ec:f4:bb:ff:25:8a.solution.Windows PLC v.4.1.0.0.build_type.release.extra..details..:{"version":"1.0.0","sys_info":{"os_serial_number":"00330-81623-10244-AA021","volume_serial_number":"B81A4609","motherboard":{"manufacturer":"AOMZE7H2L4","product":"CB8YD8CCW8","serial_number":"7369695092380500"},"bios":{"caption":"VMW201.00V.21805430.B64.2305221830","serial_number":"XK537MVW5M","version":"M4DAE"},"cpu":[{"capt
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
              File Type:JSON data
              Category:modified
              Size (bytes):265
              Entropy (8bit):4.958618980554228
              Encrypted:false
              SSDEEP:
              MD5:C8E78F1CD687367CE9B400AC6DDA5F5C
              SHA1:38D99E9DD931ADC01E9299EDC063E3807DA0CE6D
              SHA-256:AC39B8C4655E9D0E1F332BEE2408CBA1E4075CD24F5F318068DE34FF7675F8E6
              SHA-512:F8F7ADDE327747AAA33D44634DE30106F1A195D13AE7DA33D218DC71F902FC5FB217AAD5D36D025F2D7EEB9E04CA888C5DBD79AF179748D08AA46C727566D940
              Malicious:false
              Reputation:unknown
              Preview:{"init":true,"sid":"dce391b9-955b-49b1-f7ab-e0909c29c3e5","status":"ok","did":"A270FD98-4CB88451-2B900E3F-55DD2D18-C94D5125-AFDBAC0D","errors":0,"started":"2024-10-25T17:13:52.050Z","duration":0.59,"attrs":{"release":"4.1.0.0_g4199df17","environment":"production"}}
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
              File Type:data
              Category:dropped
              Size (bytes):40
              Entropy (8bit):3.39546184423832
              Encrypted:false
              SSDEEP:
              MD5:5FF57BEAA9CDDC894CB2EBDA5F6612D3
              SHA1:8D9A70C5308CBF9BB0B44042DA51E775B07AFFFA
              SHA-256:8290E49396FA52E094950F0B7718DF4D050913E286D64FCDF9E3C5F3D1302870
              SHA-512:EABF5F5D281016F42FD97909E82B61614B2C6387302FF852476963BA8497DE4087322C9941D3FAA6A6528553B78D632FECF4C044BE0A139E56CB49C7D8854316
              Malicious:false
              Reputation:unknown
              Preview:sdPC....................n..j.,.A.......w
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
              File Type:SQLite 3.x database, last written using SQLite version 3042000, writer version 2, read version 2, file counter 3, database pages 5, cookie 0x3, schema 4, largest root page 5, UTF-8, version-valid-for 3
              Category:dropped
              Size (bytes):20480
              Entropy (8bit):0.6715638955880024
              Encrypted:false
              SSDEEP:
              MD5:3662D67A680783CED861093B29C35103
              SHA1:E561EE1EFB4B66B0216F9662EE754C10036BC9B6
              SHA-256:980DE3C2BAB7FE81F08FE6EE4C6E73842D48DCD08421D4FA7720D0428295AE86
              SHA-512:2461EB92EED7BEEF3F5EFEE31663A9D72956A2194E8ED80EFF4A69E6D994E87C42453CE85DE46539D65332886A18522A5C14B8D7F01B2DA396917C36AFC6B273
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
              File Type:SQLite Rollback Journal
              Category:dropped
              Size (bytes):4616
              Entropy (8bit):0.1384465837476566
              Encrypted:false
              SSDEEP:
              MD5:639A748C78E32BAA269F70467CAC0408
              SHA1:6227EBA590FE205CFA8CC546A9F10CF3B5ACDECB
              SHA-256:53858CF01B6F006827A1FCE4FDED4DAB268FABD0A22534EC22290325B8D4FBFF
              SHA-512:C915E4C50301968F7D3A579815891F8DC3390CFFFD90C1B44688AB297318BBAB565156FE8053CAEFA516E88A7AE22D9A698214FA48F63186B3F30C7A7C17283D
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
              File Type:data
              Category:dropped
              Size (bytes):32768
              Entropy (8bit):0.04339743163267482
              Encrypted:false
              SSDEEP:
              MD5:9E02DEB25909BB429AD8F53B89F36C66
              SHA1:05C1FBD8911930DF2A6405EC9F615A441B4733BE
              SHA-256:6C128F24DF2DC5C936B3AD9B316B4E79DE6DA780388E60C69897D65D37C94487
              SHA-512:059712931A012E8624C4AF3ABFCFA8862E3F4D25AA9422A94A7CC8F0C41859FD81A60AE0CA3075C0AB31CEE6D6D9F69E806D60C6944C0BB4920BD0601FCA8C58
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
              File Type:SQLite Write-Ahead Log, version 3007000
              Category:dropped
              Size (bytes):41232
              Entropy (8bit):0.845296186784661
              Encrypted:false
              SSDEEP:
              MD5:D2CEEE0AC3E1B5FDB75AF56277C3FB3E
              SHA1:B02176F0EAEA5787949C575108317176971029BF
              SHA-256:6D9888520C914EF3C6A0E49D770F23BD33D83F43B8D3031609374AF25021ABFD
              SHA-512:06730B7D804D1C942D3B2279D96A23A040B8AA2205447B4675846FF849349DDE4640B76064027BEE4709960C6AD77596FB5E12A0AB3D4769614F5A5FD35AAFFC
              Malicious:false
              Reputation:unknown
              Process:C:\Users\user\Desktop\Fanduel CO Player Location Check F.exe
              File Type:data
              Category:dropped
              Size (bytes):16
              Entropy (8bit):3.875
              Encrypted:false
              SSDEEP:
              MD5:BC2F44A18F8066626B65B9CF9C1E87D0
              SHA1:F070BD50676322C5B147BFBC05623EED7469DF51
              SHA-256:61AF7553FAC4B3DA6F4F6FDB5E29E5C3733A8C5AF8ABD3312E527D2E697CADF3
              SHA-512:D8C406D1AF7ACB59DD4B831058F561A550EF58540CDCDEBBB6C2C03807501F7482390B9FC658B54E92CA5BAE4BA5FB10A3C3062769B951A64F429897AA1CB803
              Malicious:false
              Reputation:unknown
              Preview:_...]."..n...[".
              Process:C:\Users\user\Desktop\Fanduel CO Player Location Check F.exe
              File Type:Zip archive data, at least v2.0 to extract, compression method=store
              Category:dropped
              Size (bytes):6163747
              Entropy (8bit):7.997224653755802
              Encrypted:true
              SSDEEP:
              MD5:590AFF6BCE7745ACBD32C8246EBA1017
              SHA1:9801CAD229CBE7714C2352F519E0E2B187855286
              SHA-256:83358A10C4D8CD7045E0722C776A3C59BCC567718DE63D6BDD33A48270D55CB0
              SHA-512:0E3A6D799D89D3F984CA3599A2EAB37C913F1C241292E9620DDCEC85FB7FA6AF34164BCDFAF496D53976CB4B4EEB7EB2E1BAC1419A29BAA830D7B859E66FE218
              Malicious:false
              Reputation:unknown
              Preview:PK........<\.X................Update/PK........K\.X................Update/Update/PK........L\.X8.gI/.]..._.!...Update/Update/GeoComplyUpdate.exe.{<...?>*aH..<.$.F*.))..BHJ.a$.t.%.0%..9.$4.!D9..9..!J.f3..;.^.....|.......v.=ov...s..u=...8..9y'.6......?.@.......|....r.ur.J....1..-.....P.u.._0.._H.....W..!.!.c'O..._.b$++....a...W.D..s..1A.o.O.....+P.D.......-....v#..uP.r[..*.vN.Z..;$4W....W.~.s....Q....'x.}n.`*jW[.'x.m.(.r4.?..~.v.R..^.u.......,@.....1...PLN..r..h...........D........................+...?.....4^y..E...=.....|.....~...y.....a........=.....K-..?..h._.......9...?k.l..~j.or.....:D.4v..8$...._...#7.B.....$.Z.........M...q_.79...W...........!`.....V...+...._....&.ht.........w.......u9............!........o[............O.....|q^.....Y.....7.;..E{Q.O...|..W.._.W.......e._.....7....\...6..<m.B..P....ovA]V..V".z\..}zA..O3F....7&...H....JJ.~.v....D..|.h..GE9._...g.v....}..N.O$...=.d..V..O.'...}......)y..(vN....ddC-F. ^.....)S.V..2r.d.R.....4.
              Process:C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exe
              File Type:PE32 executable (console) Intel 80386, for MS Windows
              Category:dropped
              Size (bytes):8377536
              Entropy (8bit):7.976284805345266
              Encrypted:false
              SSDEEP:
              MD5:F55B931B7BF241E3ED8C6F9DAC59FBA3
              SHA1:47F5BE374F0CF500C96DEAC933D2E926DC0D2139
              SHA-256:C43D43A19A37ECD9C02C04D326C9BB8A5E2A9ED6AC3E84E9613DF9B343A020BF
              SHA-512:22A1D019DFBF6A636780B516A529EFDC1FB6F17D15712D77BF3355A027614D73D53561EBA267E3CBA27E660CD241D8264913BF4779E5DF38E1ACA99F0DF9EF26
              Malicious:true
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 0%
              Reputation:unknown
              Preview:MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$........lb....K...K...K.f.J...K.f.JZ..K.b.K...K.x.J...K.x.J...K.x.J...K.Q.K...K.f.J...K.f.J...KDx.J...KDx.J...KDx.JX..K.f.J...K...K...K@x.J...K@x.J...KGx.J...KJx.J...KJx.J%..KJx.K...K...K...KJx.J...KRich...K........PE..L...=G.f.........."......F|..\1.....X`.......`|...@..........................pJ.....C.....@.................................M2..d....P...$............... ...`J........T....................A...................................................... UE|......84................. ..` .<#..`|......>4.............@..@ .........|...R@.............@... (.............@.............@... ..............@.............@..@ .........r....@.............@..B.debug..............FD.............@..@.vm_sec..@......@...LD.............@....idata.......0........D.............@....tls.........@........D..................rsrc....&...P..
              Process:C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exe
              File Type:DOS batch file, ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):1663
              Entropy (8bit):5.041129928469704
              Encrypted:false
              SSDEEP:
              MD5:29DA0C8906BA484466FFCDCD1CC01CB4
              SHA1:4F486A55FE02A7E0F7B1A28485AAB7723A56C86C
              SHA-256:6461D54ACD89EA880459E1E5473F63E906028CEF98A744FE08DC01F56D24C20B
              SHA-512:A1FEF6B170F480D803CDFA85BD3AE3D4A3886AD524B5F6D27F5A364749C6870249D1CC3D8E496DDF8DB7DCE3832966BB32891F93E2AD793EB9268F1A94662F77
              Malicious:false
              Reputation:unknown
              Preview:@ECHO off....SETLOCAL....IF "%PROCESSOR_ARCHITECTURE%" == "X86" (.. SET "program_files=%ProgramFiles%"..) ELSE (.. SET "program_files=%ProgramFiles(x86)%"..)....CALL :create_and_start_service "%program_files%\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe" "com.geocomply.wifi-scanner-microservice" 0..CALL :create_and_start_service "%program_files%\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe" "com.geocomply.vm-detector-microservice" 0..CALL :create_and_start_service "%program_files%\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe" "com.geocomply.process-scanner-microservice" 0..CALL :create_and_start_service "%program_files%\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe" "com.geocomply.internal-updater-microservice" 0..CALL :create_and_start_service "%program_files%\GeoComply\PlayerLocationCheck\Application\service.exe
              Process:C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exe
              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
              Category:dropped
              Size (bytes):6127808
              Entropy (8bit):7.973462736768503
              Encrypted:false
              SSDEEP:
              MD5:FC8ECAF170F5FDF403C5002B4C2E891B
              SHA1:800DEEE7BD90BE38DB1C55322A30375894F44912
              SHA-256:2AC4484387170DDB2EA480A275307C6452A9DD02FC96DF59AEE312040D6AA479
              SHA-512:C7BCBEA4D374F02567A4CEC4E32776FE70D1DA8BF0A37909D2548C0A955005517418F738DC181542DB527696563279646D876C9B35F3941CE1FB64FD0B838126
              Malicious:true
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 3%
              Reputation:unknown
              Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$...........V..V..V..B..E..B.....0.1.P.....E.....L.....<..g.1.T..B..W..B..L.....y.....Q........B..W..B..u..V.............3.W..V.[.W.....W..RichV..................PE..L....F.f.........."......T=.........X........p=...@..........................@......'.]...@...................................P.......P.x6...........`].. ...0........P.T.....................P..................................................... LR=......(.................. ..` .e...p=.....................@..@ H.....J..@....".............@... ......L.......#.............@..@ ......M.......#.............@..B.debug........P......\%.............@..@.vm_sec..@....P..@...b%.............@....idata........P.......%.............@....tls..........P.......%..................rsrc....8....P..8....%.............@..@.winlice..W..0Q.......%.........
              Process:C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exe
              File Type:PE32 executable (console) Intel 80386, for MS Windows
              Category:dropped
              Size (bytes):8294080
              Entropy (8bit):7.970699214007033
              Encrypted:false
              SSDEEP:
              MD5:FF6DD4C37561ED610994C1FCA08BDA73
              SHA1:3CA72A6AE86C2C0695491BA6F2447194F66E94E6
              SHA-256:74720B1B44D1FB3344C094B147F8E2A33967C9816F6F305F63395E32EE9B1232
              SHA-512:CB7CED237335D5B9698DD99A881BACB1013E738489CEB53BA80B4954087503EE33D4DD559946FA57AAC2DC6DE37DC43C4BD2F3CCAD4FAC34F4EF365F5EDE1868
              Malicious:true
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 0%
              Reputation:unknown
              Preview:MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$.......zg.M>...>...>...*m......*m......Xi[.9...ls..-...ls..$...ls..R....Z[.<...*m.......s..7...*m..<....s..0....s..<....s......*m......>.../....s..o....s..2....s..?....s.......sY.?...>.1.?....s..?...Rich>...........PE..L....G.f.........."......lt..*......X@........t...@...........................A.....).~...@.................................3"..H....@...............n~.. ....A........T....................1...................................................... ukt.......1................. ..` ..!...t.......1.............@..@ ....`...l....=.............@... (.............>.............@... ..............>.............@..@ ..... ...<....>.............@..B.debug..............BA.............@..@.vm_sec..@......@...HA.............@....idata....... ........A.............@....tls.........0........A..................rsrc.... ...@..
              Process:C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exe
              File Type:PE32 executable (console) Intel 80386, for MS Windows
              Category:dropped
              Size (bytes):8326336
              Entropy (8bit):7.976789185907402
              Encrypted:false
              SSDEEP:
              MD5:8E0658BD64F860A08C26D22498A4E436
              SHA1:32ECFD4A35E89FBD4735DF156D1C77421F54669D
              SHA-256:806E04B73069259F3DB42AEAC3A61FBE2292FEC0A8A4BEFBF049C25F9C9DD6B8
              SHA-512:FB2D69D594B11A5781746CED5D0C04A381660E179D41691317D1E238299D37A14D971E67C6C2B7446E92CDF567CD331913F5BC49B819464ABFC6B54F38F70D3B
              Malicious:true
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 0%
              Reputation:unknown
              Preview:MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$.......zg.M>...>...>...*m......*m......Xi[.9...ls..-...ls..$...ls..R....Z[.<...*m.......s..7...*m..<....s..0....s..<....s......*m......>.../....s..o....s..2....s..?....s.......sY.?...>.1.?....s..?...Rich>...........PE..L....F.f.........."......lt..*......X@........t...@...........................A......b....@.................................3"..H....@................~.. ....A........T....................1...................................................... ukt.......1................. ..` ..!...t.......1.............@..@ ....`...l....=.............@... (.............>.............@... ..............>.............@..@ ..... ...<....>.............@..B.debug..............BA.............@..@.vm_sec..@......@...HA.............@....idata....... ........A.............@....tls.........0........A..................rsrc.... ...@..
              Process:C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exe
              File Type:PE32 executable (console) Intel 80386, for MS Windows
              Category:dropped
              Size (bytes):8327872
              Entropy (8bit):7.977418642098603
              Encrypted:false
              SSDEEP:
              MD5:72A41CB50BD16FEE5D12EE874C5A3FAB
              SHA1:FD79B25671EB92C9DD696363F17F1940FCCD454F
              SHA-256:14575D7F14907B89176F6723E905355087C95B90C086B5FFBDC84B9F07F174DF
              SHA-512:0BE2832C2A4994773C7A50CA162A67AE2847C7D83F6561032D24A2AE654D97A4935D685AB5F17C631F1328A357F0838F13A5C7FFD335166613C380A76FFB27B1
              Malicious:true
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 0%
              Reputation:unknown
              Preview:MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$.......zg.M>...>...>...*m......*m......Xi[.9...ls..-...ls..$...ls..R....Z[.<...*m.......s..7...*m..<....s..0....s..<....s......*m......>.../....s..o....s..2....s..?....s.......sY.?...>.1.?....s..?...Rich>...........PE..L....G.f.........."......lt..*......X@........t...@...........................A...........@.................................3"..H....@................~.. ....A........T....................1...................................................... ukt.......1................. ..` ..!...t.......1.............@..@ ....`...l....=.............@... (.............>.............@... p.............>.............@..@ ..... ...<....>.............@..B.debug..............BA.............@..@.vm_sec..@......@...HA.............@....idata....... ........A.............@....tls.........0........A..................rsrc.... ...@..
              Process:C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exe
              File Type:PE32 executable (console) Intel 80386, for MS Windows
              Category:dropped
              Size (bytes):8260288
              Entropy (8bit):7.9779650476834165
              Encrypted:false
              SSDEEP:
              MD5:B34599EDD4BC51D89807E352607384E8
              SHA1:844BCF3E22E081F4FE62D64AB2FC838448D02C73
              SHA-256:D8225EEFECF1B969E7967518E9BA12A905434A0332C0978E318B044C8ABDE828
              SHA-512:C07BFEAC11ACCA8E7EF4D8FD8673718EF5920A9C4C473397C5F4EEEA99DAF4362BD3E4A4D7BC42C27F7FDA1640433B20FC221DD82265BC72093DE27D3DCD18AD
              Malicious:true
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 0%
              Reputation:unknown
              Preview:MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$.......zg.M>...>...>...*m......*m......Xi[.9...ls..-...ls..$...ls..R....Z[.<...*m.......s..7...*m..<....s..0....s..<....s......*m......>.../....s..o....s..2....s..?....s.......sY.?...>.1.?....s..?...Rich>...........PE..L....G.f.........."......lt..*......X@........t...@...........................@.......~...@.................................3"..H....@................}.. ....@........T....................1...................................................... ukt.......1................. ..` ".!...t.......1.............@..@ .....`...l....=.............@... (.............>.............@... p.............>.............@..@ ..... ...:....>.............@..B.debug..............@A.............@..@.vm_sec..@......@...FA.............@....idata....... ........A.............@....tls.........0........A..................rsrc.... ...@..
              Process:C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exe
              File Type:ASCII text, with very long lines (25792), with CRLF line terminators
              Category:dropped
              Size (bytes):25794
              Entropy (8bit):5.99894206870385
              Encrypted:false
              SSDEEP:
              MD5:AD23AFDB88E338F4FC7A9C8DE5C36429
              SHA1:0A42EB20D1C71D2F790CC5669B535D922DA8C3A0
              SHA-256:25D028ABB332B934E42736D26FDEA759DDE47F2B596C77DA72B00F01F573B374
              SHA-512:B36F1BAA19F68306202815E8F2AD3700CB939876B3F7C61AF278210CC835C371432919EBE1E0C02220E30B6CFF0BDA3C46BBF15C0DA817D8038E3D84059068AC
              Malicious:false
              Reputation:unknown
              Process:C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exe
              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
              Category:dropped
              Size (bytes):2313392
              Entropy (8bit):6.7955415321530666
              Encrypted:false
              SSDEEP:
              MD5:F82BEC342A89B15F413EEED3B89106DB
              SHA1:631554B166B1825035B4F0E722DBA571AACE2508
              SHA-256:900E6BA9AA2DB9280D961F45C38E66F86EC340AD1B8D25E56CDEC747CFFECB5D
              SHA-512:096AECE41066B3AC27CFAF1C49A984ADBFDEF28E79F8572ECD2DEDB357190B701390E9AACA2C905FADE353230F87CCF49DA857088319185FA2A9DE3AAD762859
              Malicious:true
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 0%
              Reputation:unknown
              Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$............i...i...i...j...i...l.R.i...m...i...j...i...l..i......i...m...i.Q.m.n.i.Q.l...i.R.l...i...h...i...h.M.i...n...i._.`...i._.i...i._...i._.k...i.Rich..i.........PE..L....G.f.........."!..........................................................#......9$...@.........................0.!.x.....!......P".H............,#.. ...`"..<.... .T..................... ....... .@............................................text...L........................... ..`.rdata..............................@..@.data.........!..\....!.............@....rsrc...H....P".......!.............@..@.reloc...<...`"..>....!.............@..B................................................................................................................................................................................................................................................................
              Process:C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exe
              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
              Category:modified
              Size (bytes):2299056
              Entropy (8bit):6.792279356774034
              Encrypted:false
              SSDEEP:
              MD5:5E3DEA11ECD0E0741ACC6D52476AC9E2
              SHA1:E1C4A98040A6D03FA7CA3C2097985BCFB79CCF68
              SHA-256:2D98E892387519A3FC99698DA17D003E70CA85E30701E045E9CCB258FE76E4E2
              SHA-512:48E0E4BCF7CBF20C8E11DE452A471EBA1983AB2DD4E6DA1DD99CD2535FFA1A6498779E7BBD3246A9F726F9A1EB956EEDE68C816B2B01F6DD100E8561EE42E183
              Malicious:true
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 0%
              Reputation:unknown
              Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........]...<.@.<.@.<.@.W.A.<.@.W.A.<.@.W.A.<.@.I.A.<.@.I.A.<.@.I.A.<.@.`f@.<.@.W.A.<.@.I.A!=.@.I.A.<.@.I.A.<.@.D.@.<.@.<.@:<.@.I.A.<.@.I.A.<.@.Id@.<.@.I.A.<.@Rich.<.@........PE..L... G.f.........."!.....b..........@........................................`#......#...@..........................T!.x...(U!.......".H.............".. ... "..9...W .T....................Y ......X .@............................................text....a.......b.................. ..`.rdata..`............f..............@..@.data.......p!..b...R!.............@....rsrc...H.....".......!.............@..@.reloc...9... "..:....!.............@..B................................................................................................................................................................................................................................................................
              Process:C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exe
              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
              Category:dropped
              Size (bytes):3810496
              Entropy (8bit):7.951441379622579
              Encrypted:false
              SSDEEP:
              MD5:F1B7450F8305A58F6E48FDF5AE32758C
              SHA1:990F1D06384D943127B3B8EE91878ECC173F63C9
              SHA-256:F480B0D64BECD2A9D1A6206C0F47B479BF8F8455ECF0329E21384E5E2F2CD224
              SHA-512:766A8C57C8C28BDA1C20157C2EE9B982FF75DB4C9011ABF369A76AC0E4536C7552F585843F5C30F4485C8BD0CBE446861DAA610098191340BD5132DAE61F5928
              Malicious:true
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 11%
              Reputation:unknown
              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........Y .s7s.s7s.s7s..4r.s7s..2r.s7s..3r.s7s..3r.s7s..4r.s7s..2r.s7s./.s.s7sn.3r.s7s..6r.s7s.s6sos7sn.4r.s7sn.2r/s7sn..s.s7sn.5r.s7sRich.s7s........................PE..L.....We.....................>......X.]...........@..........................P......Tc:...@..................................P.......p..@.............:.. ...@...............................`...................................................... i........................... ..` ^...........................@..@ .:...@......................@... (...........................@... ............................@..@ H].......F..................@..B.debug...............@..............@..@.vm_sec..@.......@...D..............@....idata.......P......................@....tls.........`...........................rsrc........p......................@..@.winlice.@Q.............
              Process:C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exe
              File Type:XML 1.0 document, ASCII text, with very long lines (1870), with CRLF line terminators
              Category:dropped
              Size (bytes):23733
              Entropy (8bit):6.0424150166631225
              Encrypted:false
              SSDEEP:
              MD5:91B36AADAB9E6ABD68BFC00059BA0085
              SHA1:8CB1DE7EF1A277BB9C9E520857796987948867E7
              SHA-256:9D9F9F2597E141C47B119215A3C6992EE5CF657BF480CCE31947402E1237B53D
              SHA-512:0B9C6AB92E70A05B347A129284E9586D9F2C6F78B8E106150160F840179C653EE25355BF477C04A0C391635EC5E36B3DE09A666C5E4DA99D5A6F152DAC3479BE
              Malicious:false
              Reputation:unknown
              Preview:<?xml version="1.0" encoding="UTF-8"?>..<config version="1.0">.. <data_source version="4.1.0.0" appid="{89AFE193-5BC0-4B1C-A4BC-CFB6F0E991EC}"/>.. <install_path>%program_files%/GeoComply</install_path>.. <logger>https://logger.geocomply.net/logs</logger>.. <commands>.. <unlaunch_daemons>.. <daemon name="com.geocomply.process-scanner-microservice" path="%install_path%/PlayerLocationCheck/Application/com.geocomply.process-scanner-microservice.exe"/>.. <daemon name="com.geocomply.vm-detector-microservice" path="%install_path%/PlayerLocationCheck/Application/com.geocomply.vm-detector-microservice.exe"/>.. <daemon name="com.geocomply.wifi-scanner-microservice" path="%install_path%/PlayerLocationCheck/Application/com.geocomply.wifi-scanner-microservice.exe"/>.. <daemon name="com.geocomply.internal-updater-microservice" path="%install_path%/PlayerLocationCheck/Application/com.geocomply.internal-updater-microservice.exe"/>.. <daemon name="Player Location Check"
              Process:C:\Users\user\Desktop\Fanduel CO Player Location Check F.exe
              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
              Category:dropped
              Size (bytes):6262976
              Entropy (8bit):7.971615594725782
              Encrypted:false
              SSDEEP:
              MD5:57825971D603090D7500C4C96500966E
              SHA1:BCF23DB5FDF0E267EC8416AF01ACCAD1F0679342
              SHA-256:5B5303C4DE53D0CD36B3396E290C2BDA4BA8688A3EEAD74E6DF39F4B53481067
              SHA-512:8492BEF73452838732E942F2967AC92626FDE8B601C2E96198860F47F3663657DA492B7566C40F0E34553B977888C85F247BA1A876C7179CABA1566597CA0B5C
              Malicious:true
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 0%
              Reputation:unknown
              Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.......q.!.5.O.5.O.5.O.~.L.&.O.~.J..O.S..3.O.g.K.&.O.g.L.,.O...7.O...J...O...J.:.O...K..O.~.K.,.O.~.N...O.5.N...O.g.J.X.O.~.I.4.O...F.Z.O....4.O.5..4.O...M.4.O.Rich5.O.................PE..L.....hf.................nA.........X........A...@.......................... ........`...@...................................U.......U.`............p_.. ...........PU.T...................H.U..................................................... .mA......................... ..` ]....A.....................@..@ ......O..>....$.............@... .....Q.......%.............@..@ 8....@R.......%.............@..B.debug.......PU......h'.............@..@.vm_sec..@...`U..@...n'.............@....idata........U.......'.............@....tls..........U.......'..................rsrc.........U.......'.............@..@.winlice..W..pV......^(.............`...
              Process:C:\Users\user\Desktop\Fanduel CO Player Location Check F.exe
              File Type:XML 1.0 document, ASCII text, with very long lines (1861), with CRLF line terminators
              Category:dropped
              Size (bytes):18616
              Entropy (8bit):6.043564487808113
              Encrypted:false
              SSDEEP:
              MD5:36959AF2697CD2A21DA0026E101ACFCE
              SHA1:430E35583D78184B99CA7540EEC4ADE11866B02F
              SHA-256:14F77206CB9FEB9E61CBC0A43CE9BAA11C53375A78237396812BD4F38E1A920F
              SHA-512:A5BABE7611B8325F4A6533F6EDE9D34E1E8B42295B3B9FD0B38324D8FB2E5E55AF19B9F0D2BA5E15DA8611078F69137E072E228C00FF4E2269CEC4D56A10087B
              Malicious:false
              Reputation:unknown
              Preview:<?xml version="1.0" encoding="UTF-8"?>....<config version="1.0">.. <envs version="1.0">.. <env id="DhBJ75yNYZnOObP6ptHat27mlwC1aoRr1YfR7Ram0X8=">
              Process:C:\Users\user\Desktop\Fanduel CO Player Location Check F.exe
              File Type:XML 1.0 document, ASCII text, with very long lines (1857), with CRLF line terminators
              Category:dropped
              Size (bytes):19852
              Entropy (8bit):6.08404116824959
              Encrypted:false
              SSDEEP:
              MD5:FBA05CD6839EA3D5ACA9F68C5CD5257F
              SHA1:AB671F2AF1AB86322325EB4FF60369AE6E8C40EC
              SHA-256:FD13AAD581C9AC46D86F4A9FFDD6D6DAC5E8AA95A8362656ED2EB7AEF6DAE209
              SHA-512:DB10ED51757FDBD28F05D043D5C2BA0227AED4FB1B079A90163A268D22599998C9EE0EF454AC22E98C6F279F20BBF0044C2A2E8AD4C13BAB4C91C5E0243A52E8
              Malicious:false
              Reputation:unknown
              Preview:<?xml version="1.0" encoding="UTF-8"?>....<config version="1.0">.. <data_source version="4.1.0.0" appid="{AAEB56C9-F527-490C-BE11-134A248B901B}"/>.. <install_path>%program_files%/GeoComply</install_path>.. <logger>https://logger.geocomply.net/logs</logger>.... <commands>.. <unschedule_tasks>.. <task name="GeoComply Update Task" path="%install_path%/PlayerLocationCheck/Update/GeoComplyUpdate.exe" arguments="" type="one_time"/>.. </unschedule_tasks>.... <remove_files>.. <file source="" destination="%install_path%/PlayerLocationCheck/Update/GeoComplyUpdate.inf"/>.. <file source="" destination="%install_path%/PlayerLocationCheck/Update/GeoComplyUpdateH.exe"/>.. <file source="" destination="%install_path%/PlayerLocationCheck/Update/upgrade.manifest.xml"/>.. </remove_files>.... <copy_files>.. <file source="%cab_directory%/Update/GeoComplyUpdate.exe" destination="%install_path%/PlayerLocationCheck/Update/GeoComplyUpdate.exe"/>.. <file source="%
              Process:C:\Users\user\Desktop\Fanduel CO Player Location Check F.exe
              File Type:XML 1.0 document, ASCII text, with very long lines (1870), with CRLF line terminators
              Category:dropped
              Size (bytes):19294
              Entropy (8bit):6.068820511474118
              Encrypted:false
              SSDEEP:
              MD5:4CF0793D12D0008BCBDCBA4FA27C1BFB
              SHA1:51D11EE95E65F42C52E221C240AB0CF86F535039
              SHA-256:F8D78CE8D22951EB76E5BB0C36D063C589195ADE437F1B83259ABF930224DBCD
              SHA-512:47CDA9BB429E4F7DD163967B56F51A825828408426D3E6A6A12738EEC71664993B388EC8AF8F182E0D3B37DF4875E1D2B772C096E7452F333166DC866BCA43D4
              Malicious:false
              Reputation:unknown
              Preview:<?xml version="1.0" encoding="UTF-8"?>....<config>.. <data_source version="4.1.0.0" appid="{AAEB56C9-F527-490C-BE11-134A248B901B}" url="https://ums.geocomply.com/api/v1"/>.. <install_path>\GeoComply\</install_path>.. <logger>https://logger.geocomply.net/logs</logger>.... <distribution>.. <files root="/">.. <file source="GeoComplyUpdate.exe" destination="/PlayerLocationCheck/Update/GeoComplyUpdate.exe" executable="true" version="" upgrade_version=""/>.. <file source="GeoComplyUpdate.inf" destination="/PlayerLocationCheck/Update/GeoComplyUpdate.inf" executable="false" version="" upgrade_version=""/>.. </files>.. </distribution>.... <envs version="1.0">.. <env priority="0" id="DhBJ75yNYZnOObP6ptHat27mlwC1aoRr1YfR7Ram0X8=">WNW5382UIBl07PVXNxTr0tMrjS+WM5aA6TLixB/RrZS/4QnoLaDAQtTzf7ekiG8zeWc9vuoty466lCah7eQkpT41FDIjD9PkoCq+83xzbKA+1oR2OPxaIv0vKQG8mSMH/Vq/uiynYpeL/vuQV42FV4JXbZ0g9oOJvOlSwx8PU9E73LmEPy6p1TuLXOKnQ/mYERqwTvpWBg0RjI7J2TQkplnXFcwsNHj0RHpRaESGcVB7LW4DfgDSuk
              Process:C:\Users\user\AppData\Local\Temp\6da0-38b0-41bb-be1c\Update\Update\GeoComplyUpdate.exe
              File Type:Zip archive data, at least v2.0 to extract, compression method=store
              Category:modified
              Size (bytes):52339499
              Entropy (8bit):7.999198023722313
              Encrypted:true
              SSDEEP:
              MD5:ED381ACBC22736E6F05224FE4C6D3477
              SHA1:7B808CB6FCD4DCCAA057E03E58BE2AEF9D8D2E60
              SHA-256:D3EB50AEE8D55285ADF5F818AE7C631B75F5869372ABE459609CA8FBBF3D7CF3
              SHA-512:D2D40B193C04955D88B101B2A818A59CD6468B60D2E437AD1CF9BC100BFA4E295E04A291D832061BF3B97077E4C40FF34421D988C74F955E2AC6704A27262569
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\PlayerLocationIcon.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri Oct 25 16:13:19 2024, mtime=Fri Oct 25 16:13:57 2024, atime=Fri Oct 25 16:13:15 2024, length=6127808, window=hide
              Category:dropped
              Size (bytes):1670
              Entropy (8bit):4.577809036520531
              Encrypted:false
              SSDEEP:
              MD5:B4DFDFDF9D277221D88F25E14BB9CA62
              SHA1:59FC92B19EAFFD827E741F6364158BDCA2981477
              SHA-256:9A594CBFA9B41E5D604B6FF20146DD886359500E3034DEB502F1516CACBBCD7A
              SHA-512:3C6756EE7ADEB658BB2D55B8E778FBF9BC39D228DAB186403A812E890D909CF76E0F1A4E2CF1B5D6B33C66E3419EC32B970246A01912AAA0370CCC86FAE34EAF
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe
              File Type:Certificate, Version=3
              Category:dropped
              Size (bytes):1652
              Entropy (8bit):7.363365432397115
              Encrypted:false
              SSDEEP:
              MD5:B7A7B4605E33389F48B33D17CAE73006
              SHA1:8BFE3107712B3C886B1C96AAEC89984914DC9B6B
              SHA-256:9AAD6C1A83A1B974BA574A995AF35B8CA772DA919270DB1605A8B81E1BBC896F
              SHA-512:9920EAB816951CD79C09884159BE354BA260D84091A7F72582299005A1AD2FECE5037EFD47A2799B52420B2C25FF40D5B9B9521728CA497AD395DAE728F20139
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe
              File Type:Certificate, Version=3
              Category:dropped
              Size (bytes):1499
              Entropy (8bit):7.442262217977073
              Encrypted:false
              SSDEEP:
              MD5:AF749A216C00C7D25C249FCA0D7FD471
              SHA1:580A6F4CC4E4B669B9EBDC1B2B3E087B80D0678D
              SHA-256:E8E95F0733A55E8BAD7BE0A1413EE23C51FCEA64B3C8FA6A786935FDDCC71961
              SHA-512:A30B1E92B99B839D0076808E38F1C65FB42B1A9608778A0596F5350B3EF80DD15F2E226E1624298FF44135E736717D27642225ADFE8A9D10E24B5FA22D912C18
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe
              File Type:Certificate, Version=3
              Category:dropped
              Size (bytes):1716
              Entropy (8bit):7.596259519827648
              Encrypted:false
              SSDEEP:
              MD5:D91299E84355CD8D5A86795A0118B6E9
              SHA1:7B0F360B775F76C94A12CA48445AA2D2A875701C
              SHA-256:46011EDE1C147EB2BC731A539B7C047B7EE93E48B9D3C3BA710CE132BBDFAC6B
              SHA-512:6D11D03F2DF2D931FAC9F47CEDA70D81D51A9116C1EF362D67B7874F91BF20915006F7AF8ECEBAEA59D2DC144536B25EA091CC33C04C9A3808EEFDC69C90E816
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe
              File Type:data
              Category:dropped
              Size (bytes):242
              Entropy (8bit):2.910974885792481
              Encrypted:false
              SSDEEP:
              MD5:A0F0FB50A3DD08BA31B99A5D5E00BEFB
              SHA1:9FF813CEDE9EF444324B30F8D47E66963A3D76B8
              SHA-256:93B4C730A2228992ED5522E97E7A9A93018134470ED0992F1216802C81B601B5
              SHA-512:D9F5C2C8E28D2018D9BD34A39E0E809494C2C66574F3378C2481BA11F4BB3FEA8B3282B5952EBE5ABCEB254207BC5F25CEB1473E244FF61EAD66B6693875C45A
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe
              File Type:data
              Category:dropped
              Size (bytes):256
              Entropy (8bit):2.9091097820889305
              Encrypted:false
              SSDEEP:
              MD5:5C30AD05017AF144A0926F5AF9688678
              SHA1:9520DD6284B8FAD94A5922336ECBF249B40C06D0
              SHA-256:A43AF1A6B778305C01362C02CD49D5329D57FAE4B6DCB7D1AC9CB488CBFBAED2
              SHA-512:D2A654A03A65F2DBAEAE6C04F9A04607CBBA470C4EC0AD6F6FF023E99737B134E7C41EDC270FF2FAB5FD542CB1A9D6EAAECD9C36434B1745900E3B2A4C16C5B4
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe
              File Type:data
              Category:dropped
              Size (bytes):308
              Entropy (8bit):3.202148265590991
              Encrypted:false
              SSDEEP:
              MD5:5C44879EED36D7721BA3E3736532F7C3
              SHA1:0DE4BF30784A832E33036800CB5F27783E582AA2
              SHA-256:C8C5309ECBDA9DE497040854BCD51B2D388A3C563E1E2429C6B98262B0EA3A87
              SHA-512:DACE617BD2FC33ADBCC6507F2A3884986B32AFD84687A7AB100636E638BB6C854328714DC570AE120FEEEAD465CC5DE658914E72016485744AE672D193646E78
              Malicious:false
              Reputation:unknown
              File type:PE32 executable (GUI) Intel 80386, for MS Windows
              Entropy (8bit):7.973364383532764
              TrID:
              • Win32 Executable (generic) a (10002005/4) 99.96%
              • Generic Win/DOS Executable (2004/3) 0.02%
              • DOS Executable Generic (2002/1) 0.02%
              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
              File name:Fanduel CO Player Location Check F.exe
              File size:6'618'304 bytes
              MD5:08304ec84ba59a397c29db1c7de4c3df
              SHA1:ffc9bc947d938d899ba62890c22e5cd78d8f3ded
              SHA256:2fa0b61573801f430c2f9d19b85fe6693dfcfbc0699ceba93eccc0acbb17d5fc
              SHA512:db5d1ee300b5004408eab1cd2a30b5534464f0b85c6d993062401c3e08114db9d1e55946b187df044e874f7284199e4015bdb91cb0912e47e33d848118c677b2
              SSDEEP:196608:9jrRETEF59l95Pv5m4Lzwd5BvJulkeJ4BJu:9jrRUS5TPvo4IXBhMkeqS
              TLSH:6B66337361505EA3C2FB47723C9785888C09BF66CA014A54F7AF4AD2B26575ECBB0B31
              Icon Hash:c8b6aaba9255338e
              Entrypoint:0xf8a058
              Entrypoint Section:.boot
              Digitally signed:true
              Imagebase:0x400000
              Subsystem:windows gui
              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
              DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
              Time Stamp:0x666897FB [Tue Jun 11 18:31:23 2024 UTC]
              TLS Callbacks:
              CLR (.Net) Version:
              OS Version Major:6
              OS Version Minor:0
              File Version Major:6
              File Version Minor:0
              Subsystem Version Major:6
              Subsystem Version Minor:0
              Import Hash:e6495f39e732319e85e8c8937f92fdd2
              Signature Valid:true
              Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
              Signature Validation Error:The operation completed successfully
              Error Number:0
              Not Before, Not After
              • 15/01/2024 19:00:00 23/03/2025 19:59:59
              Subject Chain
              • CN=GeoComply Solutions Inc., O=GeoComply Solutions Inc., L=Vancouver, S=British Columbia, C=CA, SERIALNUMBER=BC1268052, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=British Columbia, OID.1.3.6.1.4.1.311.60.2.1.3=CA
              Version:3
              Thumbprint MD5:EDFC784012E39686FEC12B5D6AF17214
              Thumbprint SHA-1:302788037FED03B7BB06326A0920FE994072C209
              Thumbprint SHA-256:FD2A0A447F972E179161E73BB024C14A8053B8E71BEDA15C27C80D58EF6EDEDB
              Serial:057C16A15AAE0DCF0E55D8E980E07C9F
              Instruction
              call 00007FCEF46CFB50h
              push ebx
              mov ebx, esp
              push ebx
              mov esi, dword ptr [ebx+08h]
              mov edi, dword ptr [ebx+10h]
              cld
              mov dl, 80h
              mov al, byte ptr [esi]
              inc esi
              mov byte ptr [edi], al
              inc edi
              mov ebx, 00000002h
              add dl, dl
              jne 00007FCEF46CFA07h
              mov dl, byte ptr [esi]
              inc esi
              adc dl, dl
              jnc 00007FCEF46CF9ECh
              add dl, dl
              jne 00007FCEF46CFA07h
              mov dl, byte ptr [esi]
              inc esi
              adc dl, dl
              jnc 00007FCEF46CFA53h
              xor eax, eax
              add dl, dl
              jne 00007FCEF46CFA07h
              mov dl, byte ptr [esi]
              inc esi
              adc dl, dl
              jnc 00007FCEF46CFAE7h
              add dl, dl
              jne 00007FCEF46CFA07h
              mov dl, byte ptr [esi]
              inc esi
              adc dl, dl
              adc eax, eax
              add dl, dl
              jne 00007FCEF46CFA07h
              mov dl, byte ptr [esi]
              inc esi
              adc dl, dl
              adc eax, eax
              add dl, dl
              jne 00007FCEF46CFA07h
              mov dl, byte ptr [esi]
              inc esi
              adc dl, dl
              adc eax, eax
              add dl, dl
              jne 00007FCEF46CFA07h
              mov dl, byte ptr [esi]
              inc esi
              adc dl, dl
              adc eax, eax
              je 00007FCEF46CFA0Ah
              push edi
              mov eax, eax
              sub edi, eax
              mov al, byte ptr [edi]
              pop edi
              mov byte ptr [edi], al
              inc edi
              mov ebx, 00000002h
              jmp 00007FCEF46CF99Bh
              mov eax, 00000001h
              add dl, dl
              jne 00007FCEF46CFA07h
              mov dl, byte ptr [esi]
              inc esi
              adc dl, dl
              adc eax, eax
              add dl, dl
              jne 00007FCEF46CFA07h
              mov dl, byte ptr [esi]
              inc esi
              adc dl, dl
              jc 00007FCEF46CF9ECh
              sub eax, ebx
              mov ebx, 00000001h
              jne 00007FCEF46CFA2Ah
              mov ecx, 00000001h
              add dl, dl
              jne 00007FCEF46CFA07h
              mov dl, byte ptr [esi]
              inc esi
              adc dl, dl
              adc ecx, ecx
              add dl, dl
              jne 00007FCEF46CFA07h
              mov dl, byte ptr [esi]
              inc esi
              adc dl, dl
              jc 00007FCEF46CF9ECh
              push esi
              mov esi, edi
              sub esi, ebp
              Name | Virtual Address | Virtual Size | Is in Section
              IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_IMPORT | 0x60a1ed | 0x210 | .idata
              IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x60c000 | 0x5b94 | .rsrc
              IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_SECURITY | 0x64dc10 | 0x20b0 | .winlice
              IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xf04000 | 0x10 | .reloc
              IMAGE_DIRECTORY_ENTRY_DEBUG | 0x605000 | 0x54 | .debug
              IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_TLS | 0x60b048 | 0x18 | .tls
              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
              Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
               | 0x1000 | 0x3ddd3c | 0x1da200 | 1a7140bf15dfecea66bc1532acecbfdf | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
               | 0x3df000 | 0xd4e30 | 0x5a600 | 409caa689f23d5164022a28186e3334a | False | 0.9927791104771784 | data | 7.9583357943541415 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
               | 0x4b4000 | 0x19ac8 | 0x3a00 | 1df7d723529906fba1eb4ef6194f0755 | False | 0.9914466594827587 | data | 7.941564116636405 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
               | 0x4ce000 | 0x109554 | 0x76a00 | 2218d7baaa7a9ad02fe43615e1d73aff | False | 0.981203487223393 | data | 7.978029292371281 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
               | 0x5d8000 | 0x2c690 | 0x1a800 | bc3c90accc949188c8a037c480ea361c | False | 0.9980100235849056 | data | 7.981559639531154 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
              .debug | 0x605000 | 0x1000 | 0x600 | cbbab40fa22b34469c7b3eefc64f1491 | False | 0.421875 | Matlab v4 mat-file (little endian) TP`, numeric, rows 1718130683, columns 0, imaginary | 4.117721315184942 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
              .vm_sec | 0x606000 | 0x4000 | 0x4000 | ffa397a81cb8c8d6d09827d701b4e045 | False | 0.25347900390625 | data | 3.2859760387628083 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              .idata | 0x60a000 | 0x1000 | 0x400 | ddb1f29f7a5badeeca706d5987bf5d11 | False | 0.478515625 | data | 4.167599356195664 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              .tls | 0x60b000 | 0x1000 | 0x200 | 6c135ee4ca27c774a15bf3e94fbd44f6 | False | 0.072265625 | Matlab v4 mat-file (little endian) \377\377\377\377, numeric, rows 0, columns 0 | 0.345051964397433 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              .rsrc | 0x60c000 | 0x5c00 | 0x5c00 | d7ea49fade1c2be80656ae81f0ea033d | False | 0.20749830163043478 | data | 3.779032421918291 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
              .winlice | 0x612000 | 0x578000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              .boot | 0xb8a000 | 0x379a00 | 0x379a00 | cd28d0ff7955e299cac36b523e1882a9 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              .reloc | 0xf04000 | 0x1000 | 0x10 | b150a953a51664d733be9af41de073e7 | False | 1.5 | GLS_BINARY_LSB_FIRST | 2.7743974703476995 | IMAGE_SCN_MEM_READ
              Name | RVA | Size | Type | Language | Country | ZLIB Complexity
              RT_ICON | 0x60c308 | 0x3a48 | Device independent bitmap graphic, 60 x 120 x 32, image size 0 | English | United States | 0.1220509383378016
              RT_DIALOG | 0x60fd60 | 0xb0 | data | English | United States | 0.625
              RT_DIALOG | 0x60fe20 | 0x114 | data | English | United States | 0.5471014492753623
              RT_DIALOG | 0x60ff44 | 0x98 | data | English | United States | 0.6776315789473685
              RT_DIALOG | 0x60ffec | 0xcc | data | English | United States | 0.5833333333333334
              RT_DIALOG | 0x6100c8 | 0x108 | data | English | United States | 0.5378787878787878
              RT_STRING | 0x6101e0 | 0x4a | data | English | United States | 0.6891891891891891
              RT_RCDATA | 0x61023c | 0x3be | ASCII text | | | 0.4321503131524008
              RT_RCDATA | 0x61060c | 0x247 | ASCII text | | | 0.5506003430531733
              RT_RCDATA | 0x610864 | 0x239 | ASCII text | | | 0.5149384885764499
              RT_RCDATA | 0x610ab0 | 0x330 | ASCII text | | | 0.4644607843137255
              RT_RCDATA | 0x610df0 | 0x1fd | ASCII text | | | 0.5343811394891945
              RT_RCDATA | 0x611000 | 0x115 | ASCII text | | | 0.6931407942238267
              RT_RCDATA | 0x611128 | 0x1d4 | ASCII text | | | 0.5192307692307693
              RT_RCDATA | 0x61130c | 0xe4 | ASCII text | | | 0.6842105263157895
              RT_GROUP_ICON | 0x611400 | 0x14 | data | English | United States | 1.1
              RT_VERSION | 0x611424 | 0x36c | data | English | United States | 0.4269406392694064
              RT_MANIFEST | 0x6117a0 | 0x3f0 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (948), with CRLF line terminators | English | United States | 0.5138888888888888
              DLL | Import
              kernel32.dll | GetModuleHandleA
              ole32.dll | CoUninitialize
              Normaliz.dll | IdnToAscii
              WLDAP32.dll |
              bcrypt.dll | BCryptCloseAlgorithmProvider
              ADVAPI32.dll | GetSidSubAuthorityCount
              CRYPT32.dll | CertCloseStore
              SHLWAPI.dll | PathAppendW
              WTSAPI32.dll | WTSFreeMemory
              IPHLPAPI.DLL | FreeMibTable
              NETAPI32.dll | NetUserGetGroups
              SETUPAPI.dll | SetupDiGetClassDevsW
              VERSION.dll | VerQueryValueW
              USER32.dll | RedrawWindow
              GDI32.dll | SetTextColor
              SHELL32.dll | SHGetFolderPathW
              OLEAUT32.dll | VariantInit
              WS2_32.dll | accept
              Language of compilation system | Country where language is spoken
              English | United States