Analysis

  • max time kernel
    140s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/08/2023, 21:21 UTC

General

  • Target

    GenericSetup.exe

  • Size

    4.0MB

  • MD5

    33affbe19f092d28932d254fb5c48474

  • SHA1

    66e2e5adb11c42bf974fdc2c9eccfc70e3a70aca

  • SHA256

    97347c65c52eae6595ad00223d3c8bb60b241348551c2906641564cc557435fc

  • SHA512

    fa5ac0cd8f977faef507e89a5c593d97f304bfae192f09650f68f885b45e3f1527c77e5de2daa4bc6e3ce7e59f10daa0310c28ee304e0f7b4622e8227a20f491

  • SSDEEP

    98304:hIiqp/+yulzhzgss5JR3K0F/TT2xDJLu3BlFQ4P:haV+Nl1UJRfTCx1SLP

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 35 IoCs
  • Modifies system certificate store 2 TTPs 8 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\GenericSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\GenericSetup.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4388

Network

  • flag-us
    DNS
    59.128.231.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    59.128.231.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    134.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    134.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    41.26.24.184.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.26.24.184.in-addr.arpa
    IN PTR
    Response
    41.26.24.184.in-addr.arpa
    IN PTR
    a184-24-26-41.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    h2oapi.adaware.com
    GenericSetup.exe
    Remote address:
    8.8.8.8:53
    Request
    h2oapi.adaware.com
    IN A
    Response
    h2oapi.adaware.com
    IN A
    104.18.68.73
    h2oapi.adaware.com
    IN A
    104.18.67.73
  • flag-us
    GET
    https://h2oapi.adaware.com/v1/bundleinfo/6bd234db1b22c82e54241b14926b5d83272bbc4d
    GenericSetup.exe
    Remote address:
    104.18.68.73:443
    Request
    GET /v1/bundleinfo/6bd234db1b22c82e54241b14926b5d83272bbc4d HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Host: h2oapi.adaware.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:17 GMT
    Content-Type: application/json; charset=utf-8
    Content-Length: 770
    Connection: keep-alive
    Cache-Control: public
    Cache-Control: max-age=172800
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 7f9572041d750b5e-AMS
  • flag-us
    DNS
    73.68.18.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.68.18.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    flow.lavasoft.com
    GenericSetup.exe
    Remote address:
    8.8.8.8:53
    Request
    flow.lavasoft.com
    IN A
    Response
    flow.lavasoft.com
    IN A
    104.17.9.52
    flow.lavasoft.com
    IN A
    104.17.8.52
  • flag-us
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleInstallStart
    GenericSetup.exe
    Remote address:
    104.17.9.52:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=BundleInstallStart HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 2ece34ab-55fb-467a-b7cd-1109b391c5da
    Content-Length: 2444
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:21 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 7f957219595b418a-AMS
  • flag-us
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=PageShown
    GenericSetup.exe
    Remote address:
    104.17.9.52:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=PageShown HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 2ece34ab-55fb-467a-b7cd-1109b391c5da
    Content-Length: 269
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:22 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 7f9572236be8418a-AMS
  • flag-us
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleProposedOffers
    GenericSetup.exe
    Remote address:
    104.17.9.52:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=BundleProposedOffers HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 2ece34ab-55fb-467a-b7cd-1109b391c5da
    Content-Length: 30697
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:22 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 7f9572255c6e418a-AMS
  • flag-us
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleOfferRejected
    GenericSetup.exe
    Remote address:
    104.17.9.52:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=BundleOfferRejected HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 2ece34ab-55fb-467a-b7cd-1109b391c5da
    Content-Length: 457
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:23 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 7f957226bccb418a-AMS
  • flag-us
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleOfferRejected
    GenericSetup.exe
    Remote address:
    104.17.9.52:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=BundleOfferRejected HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 2ece34ab-55fb-467a-b7cd-1109b391c5da
    Content-Length: 474
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:23 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 7f9572277cf6418a-AMS
  • flag-us
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleOfferRejected
    GenericSetup.exe
    Remote address:
    104.17.9.52:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=BundleOfferRejected HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 2ece34ab-55fb-467a-b7cd-1109b391c5da
    Content-Length: 459
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:23 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 7f957228bd80418a-AMS
  • flag-us
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived
    GenericSetup.exe
    Remote address:
    104.17.9.52:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 2ece34ab-55fb-467a-b7cd-1109b391c5da
    Content-Length: 429
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:23 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 7f9572297db5418a-AMS
  • flag-us
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived
    GenericSetup.exe
    Remote address:
    104.17.9.52:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 2ece34ab-55fb-467a-b7cd-1109b391c5da
    Content-Length: 406
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:23 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 7f95722a2e0a418a-AMS
  • flag-us
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived
    GenericSetup.exe
    Remote address:
    104.17.9.52:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 2ece34ab-55fb-467a-b7cd-1109b391c5da
    Content-Length: 433
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:23 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 7f95722b2e48418a-AMS
  • flag-us
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived
    GenericSetup.exe
    Remote address:
    104.17.9.52:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 2ece34ab-55fb-467a-b7cd-1109b391c5da
    Content-Length: 454
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:24 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 7f9572314fdb418a-AMS
  • flag-us
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived
    GenericSetup.exe
    Remote address:
    104.17.9.52:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 2ece34ab-55fb-467a-b7cd-1109b391c5da
    Content-Length: 409
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:24 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 7f9572324829418a-AMS
  • flag-us
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived
    GenericSetup.exe
    Remote address:
    104.17.9.52:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 2ece34ab-55fb-467a-b7cd-1109b391c5da
    Content-Length: 452
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:25 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 7f95723418d3418a-AMS
  • flag-us
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived
    GenericSetup.exe
    Remote address:
    104.17.9.52:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 2ece34ab-55fb-467a-b7cd-1109b391c5da
    Content-Length: 422
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:25 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 7f957235f955418a-AMS
  • flag-us
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived
    GenericSetup.exe
    Remote address:
    104.17.9.52:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 2ece34ab-55fb-467a-b7cd-1109b391c5da
    Content-Length: 418
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:25 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 7f957236e99c418a-AMS
  • flag-us
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived
    GenericSetup.exe
    Remote address:
    104.17.9.52:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 2ece34ab-55fb-467a-b7cd-1109b391c5da
    Content-Length: 421
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:26 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 7f957239da55418a-AMS
  • flag-us
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived
    GenericSetup.exe
    Remote address:
    104.17.9.52:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 2ece34ab-55fb-467a-b7cd-1109b391c5da
    Content-Length: 428
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:27 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 7f9572413c9b418a-AMS
  • flag-us
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleOffersApproved
    GenericSetup.exe
    Remote address:
    104.17.9.52:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=BundleOffersApproved HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 2ece34ab-55fb-467a-b7cd-1109b391c5da
    Content-Length: 1936
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:28 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 7f9572463e1c418a-AMS
  • flag-us
    DNS
    52.9.17.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    52.9.17.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    sos.adaware.com
    GenericSetup.exe
    Remote address:
    8.8.8.8:53
    Request
    sos.adaware.com
    IN A
    Response
    sos.adaware.com
    IN A
    104.18.68.73
    sos.adaware.com
    IN A
    104.18.67.73
  • flag-us
    POST
    https://sos.adaware.com/v1/bundle/list?bundleId=ISP001
    GenericSetup.exe
    Remote address:
    104.18.68.73:443
    Request
    POST /v1/bundle/list?bundleId=ISP001 HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    installid: 2ece34ab-55fb-467a-b7cd-1109b391c5da
    Content-Type: application/json;charset=utf-8
    Host: sos.adaware.com
    Content-Length: 340
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:22 GMT
    Content-Type: application/json
    Content-Length: 47249
    Connection: keep-alive
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 7f95721fabbd1c08-AMS
  • flag-us
    GET
    https://sos.adaware.com/v1/offer/detail?_id=ef5b479d741ad9a2cd4200a0061d96416809857f
    GenericSetup.exe
    Remote address:
    104.18.68.73:443
    Request
    GET /v1/offer/detail?_id=ef5b479d741ad9a2cd4200a0061d96416809857f HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    installid: 2ece34ab-55fb-467a-b7cd-1109b391c5da
    Host: sos.adaware.com
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:22 GMT
    Content-Type: application/json
    Content-Length: 51612
    Connection: keep-alive
    CF-Cache-Status: HIT
    Age: 408
    Last-Modified: Sat, 19 Aug 2023 21:14:34 GMT
    Expires: Sat, 19 Aug 2023 21:51:22 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Server: cloudflare
    CF-RAY: 7f9572264b041c08-AMS
  • flag-us
    GET
    https://sos.adaware.com/v1/offer/detail?_id=b53f3407b38d6a472cf2a396a0ddb626ca0e87fb
    GenericSetup.exe
    Remote address:
    104.18.68.73:443
    Request
    GET /v1/offer/detail?_id=b53f3407b38d6a472cf2a396a0ddb626ca0e87fb HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    installid: 2ece34ab-55fb-467a-b7cd-1109b391c5da
    Host: sos.adaware.com
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:23 GMT
    Content-Type: application/json
    Content-Length: 44624
    Connection: keep-alive
    CF-Cache-Status: EXPIRED
    Last-Modified: Sat, 19 Aug 2023 14:15:43 GMT
    Expires: Sat, 19 Aug 2023 21:51:23 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Server: cloudflare
    CF-RAY: 7f957227bc9c1c08-AMS
  • flag-us
    GET
    https://sos.adaware.com/v1/offer/detail?_id=937b5c9ada90629b6f734e0a03df231d04cc1721
    GenericSetup.exe
    Remote address:
    104.18.68.73:443
    Request
    GET /v1/offer/detail?_id=937b5c9ada90629b6f734e0a03df231d04cc1721 HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    installid: 2ece34ab-55fb-467a-b7cd-1109b391c5da
    Host: sos.adaware.com
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:25 GMT
    Content-Type: application/json
    Content-Length: 115812
    Connection: keep-alive
    CF-Cache-Status: EXPIRED
    Last-Modified: Sat, 19 Aug 2023 20:24:50 GMT
    Expires: Sat, 19 Aug 2023 21:51:24 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Server: cloudflare
    CF-RAY: 7f95722f0c211c08-AMS
  • flag-us
    GET
    https://sos.adaware.com/v1/offer/detail?_id=c057e5025ed4aca7ac8dde484be4c02799ff6823
    GenericSetup.exe
    Remote address:
    104.18.68.73:443
    Request
    GET /v1/offer/detail?_id=c057e5025ed4aca7ac8dde484be4c02799ff6823 HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    installid: 2ece34ab-55fb-467a-b7cd-1109b391c5da
    Host: sos.adaware.com
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:26 GMT
    Content-Type: application/json
    Content-Length: 818083
    Connection: keep-alive
    CF-Cache-Status: EXPIRED
    Last-Modified: Sat, 19 Aug 2023 15:33:17 GMT
    Expires: Sat, 19 Aug 2023 21:51:25 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Server: cloudflare
    CF-RAY: 7f9572354a4e1c08-AMS
  • flag-us
    GET
    https://sos.adaware.com/v1/offer/detail?_id=574e67ffa35da5479ff8e7d0a60990fb5dedbf5c
    GenericSetup.exe
    Remote address:
    104.18.68.73:443
    Request
    GET /v1/offer/detail?_id=574e67ffa35da5479ff8e7d0a60990fb5dedbf5c HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    installid: 2ece34ab-55fb-467a-b7cd-1109b391c5da
    Host: sos.adaware.com
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:23 GMT
    Content-Type: application/json
    Content-Length: 6529
    Connection: keep-alive
    CF-Cache-Status: EXPIRED
    Last-Modified: Sat, 19 Aug 2023 17:15:35 GMT
    Expires: Sat, 19 Aug 2023 21:51:23 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Server: cloudflare
    CF-RAY: 7f9572267e270a78-AMS
  • flag-us
    GET
    https://sos.adaware.com/v1/offer/detail?_id=4b495d609bef8ff74ef73829ab3d0e01f0ce9972
    GenericSetup.exe
    Remote address:
    104.18.68.73:443
    Request
    GET /v1/offer/detail?_id=4b495d609bef8ff74ef73829ab3d0e01f0ce9972 HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    installid: 2ece34ab-55fb-467a-b7cd-1109b391c5da
    Host: sos.adaware.com
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:24 GMT
    Content-Type: application/json
    Content-Length: 152296
    Connection: keep-alive
    CF-Cache-Status: EXPIRED
    Last-Modified: Sat, 19 Aug 2023 14:16:09 GMT
    Expires: Sat, 19 Aug 2023 21:51:23 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Server: cloudflare
    CF-RAY: 7f9572291a630a78-AMS
  • flag-us
    GET
    https://sos.adaware.com/v1/offer/detail?_id=9f072b13e25f9d34402a1b11e3bc8a3d572b9251
    GenericSetup.exe
    Remote address:
    104.18.68.73:443
    Request
    GET /v1/offer/detail?_id=9f072b13e25f9d34402a1b11e3bc8a3d572b9251 HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    installid: 2ece34ab-55fb-467a-b7cd-1109b391c5da
    Host: sos.adaware.com
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:25 GMT
    Content-Type: application/json
    Content-Length: 122495
    Connection: keep-alive
    CF-Cache-Status: EXPIRED
    Last-Modified: Sat, 19 Aug 2023 14:14:23 GMT
    Expires: Sat, 19 Aug 2023 21:51:25 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Server: cloudflare
    CF-RAY: 7f9572313e7f0a78-AMS
  • flag-us
    DNS
    bits.avcdn.net
    GenericSetup.exe
    Remote address:
    8.8.8.8:53
    Request
    bits.avcdn.net
    IN A
    Response
    bits.avcdn.net
    IN CNAME
    bits.avast.com-v1.edgekey.net
    bits.avast.com-v1.edgekey.net
    IN CNAME
    e4682.dscd.akamaiedge.net
    e4682.dscd.akamaiedge.net
    IN A
    23.222.18.2
  • flag-nl
    HEAD
    https://bits.avcdn.net/platform_WIN/productfamily_ANTIVIRUS/cookie_mmm_lvs_ppi_002_967_v
    GenericSetup.exe
    Remote address:
    23.222.18.2:443
    Request
    HEAD /platform_WIN/productfamily_ANTIVIRUS/cookie_mmm_lvs_ppi_002_967_v HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Host: bits.avcdn.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Content-Type: application/octet-stream
    Content-Length: 263576
    Last-Modified: Sat, 12 Aug 2023 07:13:28 GMT
    ETag: "64d73118-40598"
    Accept-Ranges: bytes
    Content-Disposition: attachment; filename="avast_free_antivirus_setup_online.exe"
    Date: Sat, 19 Aug 2023 21:21:23 GMT
    Connection: keep-alive
  • flag-nl
    HEAD
    https://bits.avcdn.net/platform_WIN/productfamily_ANTIVIRUS/cookie_mmm_lvs_ppi_002_967_v
    GenericSetup.exe
    Remote address:
    23.222.18.2:443
    Request
    HEAD /platform_WIN/productfamily_ANTIVIRUS/cookie_mmm_lvs_ppi_002_967_v HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Host: bits.avcdn.net
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Content-Type: application/octet-stream
    Content-Length: 263576
    Last-Modified: Sat, 12 Aug 2023 07:13:28 GMT
    ETag: "64d73118-40598"
    Accept-Ranges: bytes
    Content-Disposition: attachment; filename="avast_free_antivirus_setup_online.exe"
    Date: Sat, 19 Aug 2023 21:21:23 GMT
    Connection: keep-alive
  • flag-us
    DNS
    webcf.quickdriverupdater.com
    GenericSetup.exe
    Remote address:
    8.8.8.8:53
    Request
    webcf.quickdriverupdater.com
    IN A
    Response
    webcf.quickdriverupdater.com
    IN CNAME
    d3r4f1s63ob1dl.cloudfront.net
    d3r4f1s63ob1dl.cloudfront.net
    IN A
    52.222.149.94
    d3r4f1s63ob1dl.cloudfront.net
    IN A
    52.222.149.54
    d3r4f1s63ob1dl.cloudfront.net
    IN A
    52.222.149.27
    d3r4f1s63ob1dl.cloudfront.net
    IN A
    52.222.149.53
  • flag-fr
    HEAD
    https://webcf.quickdriverupdater.com/win/qdu/builds/v1013/qdurtsetup.exe
    GenericSetup.exe
    Remote address:
    52.222.149.94:443
    Request
    HEAD /win/qdu/builds/v1013/qdurtsetup.exe HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Host: webcf.quickdriverupdater.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: application/x-msdownload
    Content-Length: 6740568
    Connection: keep-alive
    Last-Modified: Tue, 01 Feb 2022 10:15:56 GMT
    Accept-Ranges: bytes
    Server: AmazonS3
    Date: Sat, 19 Aug 2023 02:24:37 GMT
    ETag: "4aae3da061f772f90bae6902c72f7cf2"
    X-Cache: Hit from cloudfront
    Via: 1.1 59217f0941f089caa7fbc6da584e0d2e.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: CDG52-P1
    X-Amz-Cf-Id: vql--2VUvuO9aCEyt9diWuv04I_glQAQiAyZ07OLSTQwkLkK_tOudQ==
    Age: 68207
  • flag-fr
    HEAD
    https://webcf.quickdriverupdater.com/win/qdu/builds/v1013/qdurtsetup.exe
    GenericSetup.exe
    Remote address:
    52.222.149.94:443
    Request
    HEAD /win/qdu/builds/v1013/qdurtsetup.exe HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Host: webcf.quickdriverupdater.com
    Response
    HTTP/1.1 200 OK
    Content-Type: application/x-msdownload
    Content-Length: 6740568
    Connection: keep-alive
    Last-Modified: Tue, 01 Feb 2022 10:15:56 GMT
    Accept-Ranges: bytes
    Server: AmazonS3
    Date: Sat, 19 Aug 2023 02:24:37 GMT
    ETag: "4aae3da061f772f90bae6902c72f7cf2"
    X-Cache: Hit from cloudfront
    Via: 1.1 59217f0941f089caa7fbc6da584e0d2e.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: CDG52-P1
    X-Amz-Cf-Id: GAvk5TiV0fyef8iBdEdya2D0GrX8UQqSLYbqLlQcxJvndLKx1Io1Ww==
    Age: 68207
  • flag-us
    GET
    https://sos.adaware.com/v1/offer/detail?_id=1e74861b9d4c4b047885674ecbe2f1a411d6b9e3
    GenericSetup.exe
    Remote address:
    104.18.68.73:443
    Request
    GET /v1/offer/detail?_id=1e74861b9d4c4b047885674ecbe2f1a411d6b9e3 HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    installid: 2ece34ab-55fb-467a-b7cd-1109b391c5da
    Host: sos.adaware.com
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:24 GMT
    Content-Type: application/json
    Content-Length: 33348
    Connection: keep-alive
    CF-Cache-Status: MISS
    Last-Modified: Sat, 19 Aug 2023 21:21:23 GMT
    Expires: Sat, 19 Aug 2023 21:51:23 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Server: cloudflare
    CF-RAY: 7f95722a2d0f1c95-AMS
  • flag-us
    GET
    https://sos.adaware.com/v1/offer/detail?_id=81687d18f7651584e659594fc8aa611aadd251e6
    GenericSetup.exe
    Remote address:
    104.18.68.73:443
    Request
    GET /v1/offer/detail?_id=81687d18f7651584e659594fc8aa611aadd251e6 HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    installid: 2ece34ab-55fb-467a-b7cd-1109b391c5da
    Host: sos.adaware.com
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:25 GMT
    Content-Type: application/json
    Content-Length: 106296
    Connection: keep-alive
    CF-Cache-Status: EXPIRED
    Last-Modified: Sat, 19 Aug 2023 15:33:14 GMT
    Expires: Sat, 19 Aug 2023 21:51:25 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Server: cloudflare
    CF-RAY: 7f95723249d01c95-AMS
  • flag-us
    DNS
    download.enigmasoftware.com
    GenericSetup.exe
    Remote address:
    8.8.8.8:53
    Request
    download.enigmasoftware.com
    IN A
    Response
    download.enigmasoftware.com
    IN A
    18.65.39.106
    download.enigmasoftware.com
    IN A
    18.65.39.95
    download.enigmasoftware.com
    IN A
    18.65.39.113
    download.enigmasoftware.com
    IN A
    18.65.39.4
  • flag-us
    HEAD
    https://download.enigmasoftware.com/spyhunter-free-download/silent/lav/SpyHunter-Installer.exe
    GenericSetup.exe
    Remote address:
    18.65.39.106:443
    Request
    HEAD /spyhunter-free-download/silent/lav/SpyHunter-Installer.exe HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Host: download.enigmasoftware.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Content-Length: 0
    Connection: keep-alive
    Date: Sat, 19 Aug 2023 10:34:23 GMT
    Location: https://spyhunter-download-v2.b-cdn.net/spyhunter-free-download/silent/lav/SpyHunter-Installer.exe
    Server: AmazonS3
    X-Cache: Hit from cloudfront
    Via: 1.1 a8b68315e1e2575143f97748ffbb29a0.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: AMS1-P1
    X-Amz-Cf-Id: Wqhxm1HLaGcrHBQdwICNWm7f8fMN3BHMMxgGOQM5UTJvDPtlHhHkFA==
    Age: 38821
  • flag-us
    DNS
    spyhunter-download-v2.b-cdn.net
    GenericSetup.exe
    Remote address:
    8.8.8.8:53
    Request
    spyhunter-download-v2.b-cdn.net
    IN A
    Response
    spyhunter-download-v2.b-cdn.net
    IN A
    103.180.115.13
  • flag-in
    HEAD
    https://spyhunter-download-v2.b-cdn.net/spyhunter-free-download/silent/lav/SpyHunter-Installer.exe
    GenericSetup.exe
    Remote address:
    103.180.115.13:443
    Request
    HEAD /spyhunter-free-download/silent/lav/SpyHunter-Installer.exe HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Host: spyhunter-download-v2.b-cdn.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:24 GMT
    Content-Type: application/octet-stream
    Content-Length: 6893544
    Connection: keep-alive
    Server: BunnyCDN-CEN1-1045
    CDN-PullZone: 1053841
    CDN-Uid: 27a71848-22f2-45db-b801-7c7517de9523
    CDN-RequestCountryCode: IN
    Cache-Control: public, max-age=2592000
    ETag: "c63e20841fed7e3fef9c88f91d8ad413"
    Last-Modified: Thu, 02 Mar 2023 16:40:50 GMT
    x-amz-id-2: 0w8CHQqsNCdvxpuxRncLuJ7zhI22Q3FylWsFQAnDQ45dXFNOvSaOkVR14+4J6ZLs30uNeTdi6N8=
    x-amz-request-id: J76YCR1EHYX5N9A6
    x-amz-server-side-encryption: AES256
    x-amz-meta-cb-modifiedtime: Wed, 01 Mar 2023 16:20:29 GMT
    CDN-ProxyVer: 1.03
    CDN-RequestPullSuccess: True
    CDN-RequestPullCode: 200
    CDN-CachedAt: 06/27/2023 06:05:50
    CDN-EdgeStorageId: 1045
    CDN-Status: 200
    CDN-RequestId: 9f578b04dfed8d8f9b0ef7bffcd82a3e
    CDN-Cache: HIT
    Accept-Ranges: bytes
  • flag-in
    HEAD
    https://spyhunter-download-v2.b-cdn.net/spyhunter-free-download/silent/lav/SpyHunter-Installer.exe
    GenericSetup.exe
    Remote address:
    103.180.115.13:443
    Request
    HEAD /spyhunter-free-download/silent/lav/SpyHunter-Installer.exe HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Host: spyhunter-download-v2.b-cdn.net
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:24 GMT
    Content-Type: application/octet-stream
    Content-Length: 6893544
    Connection: keep-alive
    Server: BunnyCDN-CEN1-1045
    CDN-PullZone: 1053841
    CDN-Uid: 27a71848-22f2-45db-b801-7c7517de9523
    CDN-RequestCountryCode: IN
    Cache-Control: public, max-age=2592000
    ETag: "c63e20841fed7e3fef9c88f91d8ad413"
    Last-Modified: Thu, 02 Mar 2023 16:40:50 GMT
    x-amz-id-2: 0w8CHQqsNCdvxpuxRncLuJ7zhI22Q3FylWsFQAnDQ45dXFNOvSaOkVR14+4J6ZLs30uNeTdi6N8=
    x-amz-request-id: J76YCR1EHYX5N9A6
    x-amz-server-side-encryption: AES256
    x-amz-meta-cb-modifiedtime: Wed, 01 Mar 2023 16:20:29 GMT
    CDN-ProxyVer: 1.03
    CDN-RequestPullSuccess: True
    CDN-RequestPullCode: 200
    CDN-CachedAt: 06/27/2023 06:05:50
    CDN-EdgeStorageId: 1045
    CDN-Status: 200
    CDN-RequestId: bf41d653d115960be6fe9165db3d7e9d
    CDN-Cache: HIT
    Accept-Ranges: bytes
  • flag-us
    DNS
    2.18.222.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.18.222.23.in-addr.arpa
    IN PTR
    Response
    2.18.222.23.in-addr.arpa
    IN PTR
    a23-222-18-2.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    94.149.222.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    94.149.222.52.in-addr.arpa
    IN PTR
    Response
    94.149.222.52.in-addr.arpa
    IN PTR
    server-52-222-149-94.cdg52.r.cloudfront.net
  • flag-us
    DNS
    106.39.65.18.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    106.39.65.18.in-addr.arpa
    IN PTR
    Response
    106.39.65.18.in-addr.arpa
    IN PTR
    server-18-65-39-106.ams1.r.cloudfront.net
  • flag-us
    DNS
    13.115.180.103.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.115.180.103.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    cdn-download.avgbrowser.com
    GenericSetup.exe
    Remote address:
    8.8.8.8:53
    Request
    cdn-download.avgbrowser.com
    IN A
    Response
    cdn-download.avgbrowser.com
    IN CNAME
    cdn-prod-download.browser.akamaized.net
    cdn-prod-download.browser.akamaized.net
    IN CNAME
    a333.dscd.akamai.net
    a333.dscd.akamai.net
    IN A
    2.18.121.76
    a333.dscd.akamai.net
    IN A
    2.18.121.69
  • flag-us
    HEAD
    https://cdn-download.avgbrowser.com/avg_secure_browser_setup.exe
    GenericSetup.exe
    Remote address:
    2.18.121.76:443
    Request
    HEAD /avg_secure_browser_setup.exe HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Host: cdn-download.avgbrowser.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: application/octet-stream
    Content-Length: 6246416
    Pragma: public
    content-disposition: attachment; filename="avg_secure_browser_setup.exe"
    Last-Modified: Tue, 06 Jun 2023 12:57:01 GMT
    ETag: b019a44edace07b3200d1d70ccbfc8b5
    Accept-Ranges: bytes
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 7f952a203e6d3a44-FRA
    Cache-Control: public, must-revalidate, max-age=0, post-check=0, pre-check=0
    Expires: Sat, 19 Aug 2023 21:21:24 GMT
    Date: Sat, 19 Aug 2023 21:21:24 GMT
    Connection: keep-alive
  • flag-us
    HEAD
    https://cdn-download.avgbrowser.com/avg_secure_browser_setup.exe
    GenericSetup.exe
    Remote address:
    2.18.121.76:443
    Request
    HEAD /avg_secure_browser_setup.exe HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Host: cdn-download.avgbrowser.com
    Response
    HTTP/1.1 200 OK
    Content-Type: application/octet-stream
    Content-Length: 6246416
    Pragma: public
    content-disposition: attachment; filename="avg_secure_browser_setup.exe"
    Last-Modified: Tue, 06 Jun 2023 12:57:01 GMT
    ETag: b019a44edace07b3200d1d70ccbfc8b5
    Accept-Ranges: bytes
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 7f952a203e6d3a44-FRA
    Cache-Control: public, must-revalidate, max-age=0, post-check=0, pre-check=0
    Expires: Sat, 19 Aug 2023 21:21:24 GMT
    Date: Sat, 19 Aug 2023 21:21:24 GMT
    Connection: keep-alive
  • flag-us
    DNS
    cdn.supernovaprizes.com
    GenericSetup.exe
    Remote address:
    8.8.8.8:53
    Request
    cdn.supernovaprizes.com
    IN A
    Response
    cdn.supernovaprizes.com
    IN A
    104.21.31.55
    cdn.supernovaprizes.com
    IN A
    172.67.175.2
  • flag-us
    HEAD
    https://cdn.supernovaprizes.com/426/SupernovaInstaller.exe
    GenericSetup.exe
    Remote address:
    104.21.31.55:443
    Request
    HEAD /426/SupernovaInstaller.exe HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Host: cdn.supernovaprizes.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:24 GMT
    Content-Type: application/x-msdownload
    Content-Length: 25137568
    Connection: keep-alive
    ETag: "261c39b9d42458d4d725ba5d6df88677"
    Last-Modified: Thu, 13 Apr 2023 15:26:42 GMT
    Vary: Accept-Encoding
    Cache-Control: max-age=14400
    CF-Cache-Status: HIT
    Age: 5156
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZkZoEBtnLWwgoxknRHuAN1c6GwCd9LypLGvAPPirixtnTfKxAKkBHjJ8mfOp42eJ1P2Bp2lEjdlkM1Rpo0P%2Fw239IIr%2BGcLInTb9phy1iQs%2BIOgln1hS%2Fbs3zqO%2FmA1XdxxrN83rk4EgMg%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 7f9572329cb70a77-AMS
    alt-svc: h3=":443"; ma=86400
  • flag-us
    HEAD
    https://cdn.supernovaprizes.com/426/SupernovaInstaller.exe
    GenericSetup.exe
    Remote address:
    104.21.31.55:443
    Request
    HEAD /426/SupernovaInstaller.exe HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Host: cdn.supernovaprizes.com
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:24 GMT
    Content-Type: application/x-msdownload
    Content-Length: 25137568
    Connection: keep-alive
    ETag: "261c39b9d42458d4d725ba5d6df88677"
    Last-Modified: Thu, 13 Apr 2023 15:26:42 GMT
    Vary: Accept-Encoding
    Cache-Control: max-age=14400
    CF-Cache-Status: HIT
    Age: 5156
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t98deOOPjplqWUidyNL9V1FlvaTGwPMGdkIQ%2F7l%2B1F66OP9Eu%2BeUt3cJvbduOYF3HfQZmTvzRHuPlFC55npQSlF8luC9RiT6vScnXW7%2FM7u6XZmutlhuDyAAYLKvLcd7FU0FCYSpxw8vLg%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 7f957232bccc0a77-AMS
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://sos.adaware.com/v1/offer/detail?_id=98fb803d820deca6339be22b78181f5f0296f5df
    GenericSetup.exe
    Remote address:
    104.18.68.73:443
    Request
    GET /v1/offer/detail?_id=98fb803d820deca6339be22b78181f5f0296f5df HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    installid: 2ece34ab-55fb-467a-b7cd-1109b391c5da
    Host: sos.adaware.com
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:25 GMT
    Content-Type: application/json
    Content-Length: 218009
    Connection: keep-alive
    CF-Cache-Status: EXPIRED
    Last-Modified: Sat, 19 Aug 2023 01:28:47 GMT
    Expires: Sat, 19 Aug 2023 21:51:25 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Server: cloudflare
    CF-RAY: 7f9572332dd8b914-AMS
  • flag-us
    DNS
    net.geo.opera.com
    GenericSetup.exe
    Remote address:
    8.8.8.8:53
    Request
    net.geo.opera.com
    IN A
    Response
    net.geo.opera.com
    IN CNAME
    eu.net.opera.com
    eu.net.opera.com
    IN A
    185.26.182.111
    eu.net.opera.com
    IN A
    185.26.182.112
  • flag-nl
    HEAD
    https://net.geo.opera.com/opera/stable/windows?utm_source=LAVASOFT&utm_medium=apb&utm_campaign=lavasoftACCDEC
    GenericSetup.exe
    Remote address:
    185.26.182.111:443
    Request
    HEAD /opera/stable/windows?utm_source=LAVASOFT&utm_medium=apb&utm_campaign=lavasoftACCDEC HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Host: net.geo.opera.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Sat, 19 Aug 2023 21:21:25 GMT
    Content-Type: application/octet-stream
    Connection: keep-alive
    Content-Disposition: attachment; filename=OperaSetup.exe
    Strict-Transport-Security: max-age=31536000; includeSubDomains
  • flag-nl
    HEAD
    https://net.geo.opera.com/opera/stable/windows?utm_source=LAVASOFT&utm_medium=apb&utm_campaign=lavasoftACCDEC
    GenericSetup.exe
    Remote address:
    185.26.182.111:443
    Request
    HEAD /opera/stable/windows?utm_source=LAVASOFT&utm_medium=apb&utm_campaign=lavasoftACCDEC HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Host: net.geo.opera.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Sat, 19 Aug 2023 21:21:25 GMT
    Content-Type: application/octet-stream
    Connection: keep-alive
    Content-Disposition: attachment; filename=OperaSetup.exe
    Strict-Transport-Security: max-age=31536000; includeSubDomains
  • flag-us
    DNS
    76.121.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    76.121.18.2.in-addr.arpa
    IN PTR
    Response
    76.121.18.2.in-addr.arpa
    IN PTR
    a2-18-121-76.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    55.31.21.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.31.21.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    111.182.26.185.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    111.182.26.185.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    download.winzip.com
    GenericSetup.exe
    Remote address:
    8.8.8.8:53
    Request
    download.winzip.com
    IN A
    Response
    download.winzip.com
    IN CNAME
    www.winzip1.com.edgekey.net
    www.winzip1.com.edgekey.net
    IN CNAME
    e94167.b.akamaiedge.net
    e94167.b.akamaiedge.net
    IN A
    2.19.195.193
    e94167.b.akamaiedge.net
    IN A
    2.19.195.232
  • flag-nl
    HEAD
    https://download.winzip.com/nkln/27/winzip_mul_64.msi
    GenericSetup.exe
    Remote address:
    2.19.195.193:443
    Request
    HEAD /nkln/27/winzip_mul_64.msi HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Host: download.winzip.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Length: 216237056
    Content-Type: text/plain
    ETag: "d92453bc245cf1f8482aaf96a85d5280:1661296616.331573"
    Last-Modified: Tue, 23 Aug 2022 23:17:20 GMT
    Server: AkamaiNetStorage
    Date: Sat, 19 Aug 2023 21:21:25 GMT
    Connection: keep-alive
  • flag-nl
    HEAD
    https://download.winzip.com/nkln/27/winzip_mul_64.msi
    GenericSetup.exe
    Remote address:
    2.19.195.193:443
    Request
    HEAD /nkln/27/winzip_mul_64.msi HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Host: download.winzip.com
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Length: 216237056
    Content-Type: text/plain
    ETag: "d92453bc245cf1f8482aaf96a85d5280:1661296616.331573"
    Last-Modified: Tue, 23 Aug 2022 23:17:20 GMT
    Server: AkamaiNetStorage
    Date: Sat, 19 Aug 2023 21:21:25 GMT
    Connection: keep-alive
  • flag-us
    DNS
    walliant.com
    GenericSetup.exe
    Remote address:
    8.8.8.8:53
    Request
    walliant.com
    IN A
    Response
    walliant.com
    IN A
    104.21.57.77
    walliant.com
    IN A
    172.67.189.175
  • flag-us
    HEAD
    https://walliant.com/download/walliant_ls.exe
    GenericSetup.exe
    Remote address:
    104.21.57.77:443
    Request
    HEAD /download/walliant_ls.exe HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Host: walliant.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:25 GMT
    Content-Type: application/octet-stream
    Content-Length: 4161976
    Connection: keep-alive
    last-modified: Thu, 22 Dec 2022 10:31:20 GMT
    etag: "63a431f8-3f81b8"
    Cache-Control: max-age=14400
    CF-Cache-Status: REVALIDATED
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kqN6eFxrUh7ze33KE6IOf6KolyPc%2BHrbw2siFeoVGsLJ2%2FUju2AkksiIx%2FZ3MB6XKhy234Ka7%2BMEAzZXYCWRPmYGCSWVOq1peXyek2esXkFOOpClqk5tdLHzI3XLN1o%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 7f9572372a88b737-AMS
    alt-svc: h3=":443"; ma=86400
  • flag-us
    HEAD
    https://walliant.com/download/walliant_ls.exe
    GenericSetup.exe
    Remote address:
    104.21.57.77:443
    Request
    HEAD /download/walliant_ls.exe HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Host: walliant.com
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:25 GMT
    Content-Type: application/octet-stream
    Content-Length: 4161976
    Connection: keep-alive
    last-modified: Thu, 22 Dec 2022 10:31:20 GMT
    etag: "63a431f8-3f81b8"
    Cache-Control: max-age=14400
    CF-Cache-Status: HIT
    Age: 0
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NjfxsbatOZ%2Bq5c0Edepop2osQiIK0PH%2F5j6XZwbgrmeaI2hOQTkeah4LSRxHWKCTcn7izT%2FQ8xtcDXNwX1TfmG%2BzYl7wn4kRHAUBSNsdc4GZbQ6z55GO6MzoKZ0cZKg%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 7f9572378af5b737-AMS
    alt-svc: h3=":443"; ma=86400
  • flag-us
    DNS
    download2021.pdf-suite.com
    GenericSetup.exe
    Remote address:
    8.8.8.8:53
    Request
    download2021.pdf-suite.com
    IN A
    Response
    download2021.pdf-suite.com
    IN A
    198.72.111.246
  • flag-ca
    HEAD
    https://download2021.pdf-suite.com/get-app.aspx?configid=5A17D912-2B3D-4BB2-B4B2-8C355A2716C7&partner=pdfsuite_h2o&uid=1016732&cmp=h2o_2021&mkey1=h2o&mkey2=h2o-install
    GenericSetup.exe
    Remote address:
    198.72.111.246:443
    Request
    HEAD /get-app.aspx?configid=5A17D912-2B3D-4BB2-B4B2-8C355A2716C7&partner=pdfsuite_h2o&uid=1016732&cmp=h2o_2021&mkey1=h2o&mkey2=h2o-install HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Host: download2021.pdf-suite.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    Cache-Control: private
    Content-Length: 295
    Content-Type: text/html; charset=utf-8
    Location: /download.ashx?productcode=pdfsuite$params=partner=pdfsuite_h2o&uid=1016732&cmp=h2o_2021&mkey1=h2o&mkey2=h2o-install$configid=5a17d912-2b3d-4bb2-b4b2-8c355a2716c7
    Server: Microsoft-IIS/10.0
    Set-Cookie: ASP.NET_SessionId=3tf4qjnemnh45cchkfu30noc; path=/; HttpOnly; SameSite=Lax
    X-AspNet-Version: 4.0.30319
    X-Powered-By: ASP.NET
    Date: Sat, 19 Aug 2023 21:21:24 GMT
  • flag-ca
    HEAD
    https://download2021.pdf-suite.com/download.ashx?productcode=pdfsuite$params=partner=pdfsuite_h2o&uid=1016732&cmp=h2o_2021&mkey1=h2o&mkey2=h2o-install$configid=5a17d912-2b3d-4bb2-b4b2-8c355a2716c7
    GenericSetup.exe
    Remote address:
    198.72.111.246:443
    Request
    HEAD /download.ashx?productcode=pdfsuite$params=partner=pdfsuite_h2o&uid=1016732&cmp=h2o_2021&mkey1=h2o&mkey2=h2o-install$configid=5a17d912-2b3d-4bb2-b4b2-8c355a2716c7 HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Host: download2021.pdf-suite.com
    Response
    HTTP/1.1 200 OK
    Cache-Control: must-revalidate, post-check=0, pre-check=0
    Pragma: public
    Content-Length: 22360064
    Content-Type: application/download
    Expires: 0
    Server: Microsoft-IIS/10.0
    Content-Disposition: attachment; filename=PDFSuite2021Installer.exe
    Content-Transfer-Encoding: binary
    X-AspNet-Version: 4.0.30319
    X-Powered-By: ASP.NET
    Date: Sat, 19 Aug 2023 21:21:24 GMT
  • flag-ca
    HEAD
    https://download2021.pdf-suite.com/download.ashx?productcode=pdfsuite$params=partner=pdfsuite_h2o&uid=1016732&cmp=h2o_2021&mkey1=h2o&mkey2=h2o-install$configid=5a17d912-2b3d-4bb2-b4b2-8c355a2716c7
    GenericSetup.exe
    Remote address:
    198.72.111.246:443
    Request
    HEAD /download.ashx?productcode=pdfsuite$params=partner=pdfsuite_h2o&uid=1016732&cmp=h2o_2021&mkey1=h2o&mkey2=h2o-install$configid=5a17d912-2b3d-4bb2-b4b2-8c355a2716c7 HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Host: download2021.pdf-suite.com
    Response
    HTTP/1.1 200 OK
    Cache-Control: must-revalidate, post-check=0, pre-check=0
    Pragma: public
    Content-Length: 22360064
    Content-Type: application/download
    Expires: 0
    Server: Microsoft-IIS/10.0
    Content-Disposition: attachment; filename=PDFSuite2021Installer.exe
    Content-Transfer-Encoding: binary
    X-AspNet-Version: 4.0.30319
    X-Powered-By: ASP.NET
    Date: Sat, 19 Aug 2023 21:21:24 GMT
  • flag-us
    DNS
    193.195.19.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    193.195.19.2.in-addr.arpa
    IN PTR
    Response
    193.195.19.2.in-addr.arpa
    IN PTR
    a2-19-195-193.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    download.terabyteunlimited.com
    GenericSetup.exe
    Remote address:
    8.8.8.8:53
    Request
    download.terabyteunlimited.com
    IN A
    Response
    download.terabyteunlimited.com
    IN A
    50.62.141.182
  • flag-us
    HEAD
    http://download.terabyteunlimited.com/terabyte_drive_image_backup_and_restore_suite_en_gui_trial.exe
    GenericSetup.exe
    Remote address:
    50.62.141.182:80
    Request
    HEAD /terabyte_drive_image_backup_and_restore_suite_en_gui_trial.exe HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Host: download.terabyteunlimited.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:27 GMT
    Server: Apache
    Upgrade: h2,h2c
    Connection: Upgrade, Keep-Alive
    Last-Modified: Thu, 13 Jul 2023 02:24:37 GMT
    ETag: "3f01a8e-b53d088-6005508a21a01"
    Accept-Ranges: bytes
    Content-Length: 190042248
    Vary: Accept-Encoding
    Keep-Alive: timeout=5
    Content-Type: application/x-msdownload
  • flag-us
    HEAD
    http://download.terabyteunlimited.com/terabyte_drive_image_backup_and_restore_suite_en_gui_trial.exe
    GenericSetup.exe
    Remote address:
    50.62.141.182:80
    Request
    HEAD /terabyte_drive_image_backup_and_restore_suite_en_gui_trial.exe HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/7.14.2.0)
    Host: download.terabyteunlimited.com
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Aug 2023 21:21:27 GMT
    Server: Apache
    Last-Modified: Thu, 13 Jul 2023 02:24:37 GMT
    ETag: "3f01a8e-b53d088-6005508a21a01"
    Accept-Ranges: bytes
    Content-Length: 190042248
    Vary: Accept-Encoding
    Content-Type: application/x-msdownload
  • flag-us
    DNS
    77.57.21.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    77.57.21.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    246.111.72.198.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    246.111.72.198.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    182.141.62.50.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    182.141.62.50.in-addr.arpa
    IN PTR
    Response
    182.141.62.50.in-addr.arpa
    IN PTR
    182.141.62.50.host.secureserver.net
  • flag-us
    DNS
    103.169.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    103.169.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    198.187.3.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.187.3.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    8.3.197.209.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.3.197.209.in-addr.arpa
    IN PTR
    Response
    8.3.197.209.in-addr.arpa
    IN PTR
    vip0x008.map2.ssl.hwcdn.net
  • flag-us
    DNS
    203.151.224.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    203.151.224.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    27.73.42.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    27.73.42.20.in-addr.arpa
    IN PTR
    Response
  • 104.18.68.73:443
    https://h2oapi.adaware.com/v1/bundleinfo/6bd234db1b22c82e54241b14926b5d83272bbc4d
    tls, http
    GenericSetup.exe
    909 B
    4.2kB
    9
    8

    HTTP Request

    GET https://h2oapi.adaware.com/v1/bundleinfo/6bd234db1b22c82e54241b14926b5d83272bbc4d

    HTTP Response

    200
  • 104.17.9.52:443
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleOffersApproved
    tls, http
    GenericSetup.exe
    51.5kB
    16.2kB
    82
    88

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleInstallStart

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=PageShown

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleProposedOffers

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleOfferRejected

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleOfferRejected

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleOfferRejected

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleOffersApproved

    HTTP Response

    200
  • 104.18.68.73:443
    https://sos.adaware.com/v1/offer/detail?_id=c057e5025ed4aca7ac8dde484be4c02799ff6823
    tls, http
    GenericSetup.exe
    23.3kB
    1.1MB
    459
    892

    HTTP Request

    POST https://sos.adaware.com/v1/bundle/list?bundleId=ISP001

    HTTP Response

    200

    HTTP Request

    GET https://sos.adaware.com/v1/offer/detail?_id=ef5b479d741ad9a2cd4200a0061d96416809857f

    HTTP Response

    200

    HTTP Request

    GET https://sos.adaware.com/v1/offer/detail?_id=b53f3407b38d6a472cf2a396a0ddb626ca0e87fb

    HTTP Response

    200

    HTTP Request

    GET https://sos.adaware.com/v1/offer/detail?_id=937b5c9ada90629b6f734e0a03df231d04cc1721

    HTTP Response

    200

    HTTP Request

    GET https://sos.adaware.com/v1/offer/detail?_id=c057e5025ed4aca7ac8dde484be4c02799ff6823

    HTTP Response

    200
  • 104.18.68.73:443
    https://sos.adaware.com/v1/offer/detail?_id=9f072b13e25f9d34402a1b11e3bc8a3d572b9251
    tls, http
    GenericSetup.exe
    7.4kB
    295.1kB
    133
    252

    HTTP Request

    GET https://sos.adaware.com/v1/offer/detail?_id=574e67ffa35da5479ff8e7d0a60990fb5dedbf5c

    HTTP Response

    200

    HTTP Request

    GET https://sos.adaware.com/v1/offer/detail?_id=4b495d609bef8ff74ef73829ab3d0e01f0ce9972

    HTTP Response

    200

    HTTP Request

    GET https://sos.adaware.com/v1/offer/detail?_id=9f072b13e25f9d34402a1b11e3bc8a3d572b9251

    HTTP Response

    200
  • 23.222.18.2:443
    https://bits.avcdn.net/platform_WIN/productfamily_ANTIVIRUS/cookie_mmm_lvs_ppi_002_967_v
    tls, http
    GenericSetup.exe
    1.2kB
    5.1kB
    10
    13

    HTTP Request

    HEAD https://bits.avcdn.net/platform_WIN/productfamily_ANTIVIRUS/cookie_mmm_lvs_ppi_002_967_v

    HTTP Response

    200

    HTTP Request

    HEAD https://bits.avcdn.net/platform_WIN/productfamily_ANTIVIRUS/cookie_mmm_lvs_ppi_002_967_v

    HTTP Response

    200
  • 52.222.149.94:443
    https://webcf.quickdriverupdater.com/win/qdu/builds/v1013/qdurtsetup.exe
    tls, http
    GenericSetup.exe
    1.2kB
    7.2kB
    10
    12

    HTTP Request

    HEAD https://webcf.quickdriverupdater.com/win/qdu/builds/v1013/qdurtsetup.exe

    HTTP Response

    200

    HTTP Request

    HEAD https://webcf.quickdriverupdater.com/win/qdu/builds/v1013/qdurtsetup.exe

    HTTP Response

    200
  • 104.18.68.73:443
    https://sos.adaware.com/v1/offer/detail?_id=81687d18f7651584e659594fc8aa611aadd251e6
    tls, http
    GenericSetup.exe
    4.4kB
    147.8kB
    73
    138

    HTTP Request

    GET https://sos.adaware.com/v1/offer/detail?_id=1e74861b9d4c4b047885674ecbe2f1a411d6b9e3

    HTTP Response

    200

    HTTP Request

    GET https://sos.adaware.com/v1/offer/detail?_id=81687d18f7651584e659594fc8aa611aadd251e6

    HTTP Response

    200
  • 18.65.39.106:443
    https://download.enigmasoftware.com/spyhunter-free-download/silent/lav/SpyHunter-Installer.exe
    tls, http
    GenericSetup.exe
    978 B
    6.5kB
    10
    10

    HTTP Request

    HEAD https://download.enigmasoftware.com/spyhunter-free-download/silent/lav/SpyHunter-Installer.exe

    HTTP Response

    301
  • 103.180.115.13:443
    https://spyhunter-download-v2.b-cdn.net/spyhunter-free-download/silent/lav/SpyHunter-Installer.exe
    tls, http
    GenericSetup.exe
    1.2kB
    7.5kB
    10
    11

    HTTP Request

    HEAD https://spyhunter-download-v2.b-cdn.net/spyhunter-free-download/silent/lav/SpyHunter-Installer.exe

    HTTP Response

    200

    HTTP Request

    HEAD https://spyhunter-download-v2.b-cdn.net/spyhunter-free-download/silent/lav/SpyHunter-Installer.exe

    HTTP Response

    200
  • 2.18.121.76:443
    https://cdn-download.avgbrowser.com/avg_secure_browser_setup.exe
    tls, http
    GenericSetup.exe
    1.2kB
    7.3kB
    11
    15

    HTTP Request

    HEAD https://cdn-download.avgbrowser.com/avg_secure_browser_setup.exe

    HTTP Response

    200

    HTTP Request

    HEAD https://cdn-download.avgbrowser.com/avg_secure_browser_setup.exe

    HTTP Response

    200
  • 104.21.31.55:443
    https://cdn.supernovaprizes.com/426/SupernovaInstaller.exe
    tls, http
    GenericSetup.exe
    1.1kB
    4.7kB
    9
    8

    HTTP Request

    HEAD https://cdn.supernovaprizes.com/426/SupernovaInstaller.exe

    HTTP Response

    200

    HTTP Request

    HEAD https://cdn.supernovaprizes.com/426/SupernovaInstaller.exe

    HTTP Response

    200
  • 104.18.68.73:443
    https://sos.adaware.com/v1/offer/detail?_id=98fb803d820deca6339be22b78181f5f0296f5df
    tls, http
    GenericSetup.exe
    5.5kB
    228.9kB
    105
    201

    HTTP Request

    GET https://sos.adaware.com/v1/offer/detail?_id=98fb803d820deca6339be22b78181f5f0296f5df

    HTTP Response

    200
  • 185.26.182.111:443
    https://net.geo.opera.com/opera/stable/windows?utm_source=LAVASOFT&utm_medium=apb&utm_campaign=lavasoftACCDEC
    tls, http
    GenericSetup.exe
    1.2kB
    3.8kB
    9
    11

    HTTP Request

    HEAD https://net.geo.opera.com/opera/stable/windows?utm_source=LAVASOFT&utm_medium=apb&utm_campaign=lavasoftACCDEC

    HTTP Response

    200

    HTTP Request

    HEAD https://net.geo.opera.com/opera/stable/windows?utm_source=LAVASOFT&utm_medium=apb&utm_campaign=lavasoftACCDEC

    HTTP Response

    200
  • 2.19.195.193:443
    https://download.winzip.com/nkln/27/winzip_mul_64.msi
    tls, http
    GenericSetup.exe
    1.2kB
    6.4kB
    11
    15

    HTTP Request

    HEAD https://download.winzip.com/nkln/27/winzip_mul_64.msi

    HTTP Response

    200

    HTTP Request

    HEAD https://download.winzip.com/nkln/27/winzip_mul_64.msi

    HTTP Response

    200
  • 104.21.57.77:443
    https://walliant.com/download/walliant_ls.exe
    tls, http
    GenericSetup.exe
    1.1kB
    6.8kB
    10
    12

    HTTP Request

    HEAD https://walliant.com/download/walliant_ls.exe

    HTTP Response

    200

    HTTP Request

    HEAD https://walliant.com/download/walliant_ls.exe

    HTTP Response

    200
  • 198.72.111.246:443
    https://download2021.pdf-suite.com/download.ashx?productcode=pdfsuite$params=partner=pdfsuite_h2o&uid=1016732&cmp=h2o_2021&mkey1=h2o&mkey2=h2o-install$configid=5a17d912-2b3d-4bb2-b4b2-8c355a2716c7
    tls, http
    GenericSetup.exe
    1.7kB
    5.5kB
    11
    16

    HTTP Request

    HEAD https://download2021.pdf-suite.com/get-app.aspx?configid=5A17D912-2B3D-4BB2-B4B2-8C355A2716C7&partner=pdfsuite_h2o&uid=1016732&cmp=h2o_2021&mkey1=h2o&mkey2=h2o-install

    HTTP Response

    302

    HTTP Request

    HEAD https://download2021.pdf-suite.com/download.ashx?productcode=pdfsuite$params=partner=pdfsuite_h2o&uid=1016732&cmp=h2o_2021&mkey1=h2o&mkey2=h2o-install$configid=5a17d912-2b3d-4bb2-b4b2-8c355a2716c7

    HTTP Response

    200

    HTTP Request

    HEAD https://download2021.pdf-suite.com/download.ashx?productcode=pdfsuite$params=partner=pdfsuite_h2o&uid=1016732&cmp=h2o_2021&mkey1=h2o&mkey2=h2o-install$configid=5a17d912-2b3d-4bb2-b4b2-8c355a2716c7

    HTTP Response

    200
  • 50.62.141.182:80
    http://download.terabyteunlimited.com/terabyte_drive_image_backup_and_restore_suite_en_gui_trial.exe
    http
    GenericSetup.exe
    698 B
    823 B
    6
    5

    HTTP Request

    HEAD http://download.terabyteunlimited.com/terabyte_drive_image_backup_and_restore_suite_en_gui_trial.exe

    HTTP Response

    200

    HTTP Request

    HEAD http://download.terabyteunlimited.com/terabyte_drive_image_backup_and_restore_suite_en_gui_trial.exe

    HTTP Response

    200
  • 8.8.8.8:53
    59.128.231.4.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    59.128.231.4.in-addr.arpa

  • 8.8.8.8:53
    134.32.126.40.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    134.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    41.26.24.184.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    41.26.24.184.in-addr.arpa

  • 8.8.8.8:53
    h2oapi.adaware.com
    dns
    GenericSetup.exe
    64 B
    96 B
    1
    1

    DNS Request

    h2oapi.adaware.com

    DNS Response

    104.18.68.73
    104.18.67.73

  • 8.8.8.8:53
    73.68.18.104.in-addr.arpa
    dns
    71 B
    133 B
    1
    1

    DNS Request

    73.68.18.104.in-addr.arpa

  • 8.8.8.8:53
    flow.lavasoft.com
    dns
    GenericSetup.exe
    63 B
    95 B
    1
    1

    DNS Request

    flow.lavasoft.com

    DNS Response

    104.17.9.52
    104.17.8.52

  • 8.8.8.8:53
    52.9.17.104.in-addr.arpa
    dns
    70 B
    132 B
    1
    1

    DNS Request

    52.9.17.104.in-addr.arpa

  • 8.8.8.8:53
    sos.adaware.com
    dns
    GenericSetup.exe
    61 B
    93 B
    1
    1

    DNS Request

    sos.adaware.com

    DNS Response

    104.18.68.73
    104.18.67.73

  • 8.8.8.8:53
    bits.avcdn.net
    dns
    GenericSetup.exe
    60 B
    152 B
    1
    1

    DNS Request

    bits.avcdn.net

    DNS Response

    23.222.18.2

  • 8.8.8.8:53
    webcf.quickdriverupdater.com
    dns
    GenericSetup.exe
    74 B
    181 B
    1
    1

    DNS Request

    webcf.quickdriverupdater.com

    DNS Response

    52.222.149.94
    52.222.149.54
    52.222.149.27
    52.222.149.53

  • 8.8.8.8:53
    download.enigmasoftware.com
    dns
    GenericSetup.exe
    73 B
    137 B
    1
    1

    DNS Request

    download.enigmasoftware.com

    DNS Response

    18.65.39.106
    18.65.39.95
    18.65.39.113
    18.65.39.4

  • 8.8.8.8:53
    spyhunter-download-v2.b-cdn.net
    dns
    GenericSetup.exe
    77 B
    93 B
    1
    1

    DNS Request

    spyhunter-download-v2.b-cdn.net

    DNS Response

    103.180.115.13

  • 8.8.8.8:53
    2.18.222.23.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    2.18.222.23.in-addr.arpa

  • 8.8.8.8:53
    94.149.222.52.in-addr.arpa
    dns
    72 B
    129 B
    1
    1

    DNS Request

    94.149.222.52.in-addr.arpa

  • 8.8.8.8:53
    106.39.65.18.in-addr.arpa
    dns
    71 B
    126 B
    1
    1

    DNS Request

    106.39.65.18.in-addr.arpa

  • 8.8.8.8:53
    13.115.180.103.in-addr.arpa
    dns
    73 B
    161 B
    1
    1

    DNS Request

    13.115.180.103.in-addr.arpa

  • 8.8.8.8:53
    cdn-download.avgbrowser.com
    dns
    GenericSetup.exe
    73 B
    189 B
    1
    1

    DNS Request

    cdn-download.avgbrowser.com

    DNS Response

    2.18.121.76
    2.18.121.69

  • 8.8.8.8:53
    cdn.supernovaprizes.com
    dns
    GenericSetup.exe
    69 B
    101 B
    1
    1

    DNS Request

    cdn.supernovaprizes.com

    DNS Response

    104.21.31.55
    172.67.175.2

  • 8.8.8.8:53
    net.geo.opera.com
    dns
    GenericSetup.exe
    63 B
    116 B
    1
    1

    DNS Request

    net.geo.opera.com

    DNS Response

    185.26.182.111
    185.26.182.112

  • 8.8.8.8:53
    76.121.18.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    76.121.18.2.in-addr.arpa

  • 8.8.8.8:53
    55.31.21.104.in-addr.arpa
    dns
    71 B
    133 B
    1
    1

    DNS Request

    55.31.21.104.in-addr.arpa

  • 8.8.8.8:53
    111.182.26.185.in-addr.arpa
    dns
    73 B
    134 B
    1
    1

    DNS Request

    111.182.26.185.in-addr.arpa

  • 8.8.8.8:53
    download.winzip.com
    dns
    GenericSetup.exe
    65 B
    172 B
    1
    1

    DNS Request

    download.winzip.com

    DNS Response

    2.19.195.193
    2.19.195.232

  • 8.8.8.8:53
    walliant.com
    dns
    GenericSetup.exe
    58 B
    90 B
    1
    1

    DNS Request

    walliant.com

    DNS Response

    104.21.57.77
    172.67.189.175

  • 8.8.8.8:53
    download2021.pdf-suite.com
    dns
    GenericSetup.exe
    72 B
    88 B
    1
    1

    DNS Request

    download2021.pdf-suite.com

    DNS Response

    198.72.111.246

  • 8.8.8.8:53
    193.195.19.2.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    193.195.19.2.in-addr.arpa

  • 8.8.8.8:53
    download.terabyteunlimited.com
    dns
    GenericSetup.exe
    76 B
    92 B
    1
    1

    DNS Request

    download.terabyteunlimited.com

    DNS Response

    50.62.141.182

  • 8.8.8.8:53
    77.57.21.104.in-addr.arpa
    dns
    71 B
    133 B
    1
    1

    DNS Request

    77.57.21.104.in-addr.arpa

  • 8.8.8.8:53
    246.111.72.198.in-addr.arpa
    dns
    73 B
    136 B
    1
    1

    DNS Request

    246.111.72.198.in-addr.arpa

  • 8.8.8.8:53
    182.141.62.50.in-addr.arpa
    dns
    72 B
    121 B
    1
    1

    DNS Request

    182.141.62.50.in-addr.arpa

  • 8.8.8.8:53
    103.169.127.40.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    103.169.127.40.in-addr.arpa

  • 8.8.8.8:53
    198.187.3.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    198.187.3.20.in-addr.arpa

  • 8.8.8.8:53
    8.3.197.209.in-addr.arpa
    dns
    70 B
    111 B
    1
    1

    DNS Request

    8.3.197.209.in-addr.arpa

  • 8.8.8.8:53
    203.151.224.20.in-addr.arpa
    dns
    73 B
    159 B
    1
    1

    DNS Request

    203.151.224.20.in-addr.arpa

  • 8.8.8.8:53
    27.73.42.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    27.73.42.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\H2OCommonResources.dll

    Filesize

    5.7MB

    MD5

    7057b9c92d465cd8582b3af21d44239c

    SHA1

    fddb6a013467a9973c7eaeb0ceccc94209d5cfdf

    SHA256

    3a59cf866661a07ea7c2cb88c957a966fc5a24e1f0fb2b764195b79702c18239

    SHA512

    da80adce2bd141a73caae5bbce7a38751a34534af1fa6e8bf0d6c4456c97f8c0dcf73d231a07e9eff860471785850be4a8f2f243eb04982bd3fe83fa0fc8a7c8

  • C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\H2ODAL.dll

    Filesize

    17KB

    MD5

    d7134e64bdce2ea5fa7504781a57adaa

    SHA1

    5a72a075736b8ce2c3375a745c8e7cdc4320ed15

    SHA256

    f28041ab9edb612da9e7c42bb4d940e69fb440d4cb786f969512e0b61e54e637

    SHA512

    9a108406857af08238d73c56dfa1ea3f42eba40bdd65915aea74c871ba3aa0f75cbf2ad7f5bce2ac40d5efeffd16f3bfeb70f88e88798419a8fdef77ef2fef54

  • C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\H2OModels.dll

    Filesize

    78KB

    MD5

    e57646a871a04782fd546583a01d62b4

    SHA1

    983fad031d66098df6331e0b562d69853ccb37e2

    SHA256

    f5138fe637e5b1b735fb2e54607147ceb973cc537ad07690ef1bca27ac6da4b5

    SHA512

    65d4f51417a19d0cc16ec47f21ab3a1d8877864015098a7bdf21286eaf4be05356381e15ba9d7a27baf9567f0fa47f17cfb35e6af6bab495b617dde9d7d89ef0

  • C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\H2OResources.dll

    Filesize

    20KB

    MD5

    d2f164645dc4fbff8458306adf7b1870

    SHA1

    85b787ea895d08925d06ff021eff2412593db40d

    SHA256

    8881f487bc800630d0292aff9ff8364c228e634710f1e4766616b0ab7f9a724b

    SHA512

    21c729c85ef36cdda3d1574a9cdf8fc18d7c868ff4072c8e5e8968c57bc6c239ba5d627189ad0ac24d04d9eb5390b090882f8d17da09fac308b81acf4617d4dd

  • C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\H2OServices.dll

    Filesize

    168KB

    MD5

    046edd0ee8296e611920786c4f25cd7a

    SHA1

    597eb52d27c61dcbb076e03f6a2fa71d6733a61b

    SHA256

    eed0eabb8ecbf5d30abc0ed992f2ec2f28fa2e7d5588a090d357af424a4ddd84

    SHA512

    f7a3877aa7d452dc4d7c0b37c1da088d5f211342c934c4419873a0fca267cfd5911e217fb45c0cb10eaa78526733a996b0e2ea2de1c35abe2fc4305a355ed79a

  • C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\H2OUtilities.dll

    Filesize

    125KB

    MD5

    de46930143bfc9b30f0f68ef2317a320

    SHA1

    e6b48151e5f3fcc5d9f300b330e9aeb7602adcf9

    SHA256

    fe4942cf5b5fdfd04e6af4cdaa128fbadd35b9a4c6d7d6b4407a02ce55131932

    SHA512

    8e23169277ba0cbc0b8f42db19140d1edf66a9f24f115be19c98f3acf64ea871d8bb8923d709e8b1dbfda0abc0382f5326457c929d422099d8e7a1d26560bea3

  • C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\H2OViewModels.dll

    Filesize

    9KB

    MD5

    0ef343471a5777b6f90d9ae85164449e

    SHA1

    90a754b788f48a1a1e799d77cbd5d84e60bcdae4

    SHA256

    295b970cd45ca0d9577d5ce875de5cf92367fcb6c7794e525b00090fa1ad62d6

    SHA512

    d939ccb622f4b519f5aa602f8793ba69492e77b1f73a710997899b9a716f1425044bf8a86b1ad3335eb81339d9cdc3ef7f641eb7d4c1ab29486210fafe76f14c

  • C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\HtmlAgilityPack.dll

    Filesize

    154KB

    MD5

    17220f65bd242b6a491423d5bb7940c1

    SHA1

    a33fabf2b788e80f0f7f84524fe3ed9b797be7ad

    SHA256

    23056f14edb6e0afc70224d65de272a710b5d26e6c3b9fe2dfd022073050c59f

    SHA512

    bfbe284a2ee7361ada9a9cb192580fd64476e70bc78d14e80ad1266f7722a244d890600cf24bfb83d4914e2434272679ba177ee5f98c709950e43192f05e215e

  • C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\MyDownloader.Core.dll

    Filesize

    56KB

    MD5

    f931e960cc4ed0d2f392376525ff44db

    SHA1

    1895aaa8f5b8314d8a4c5938d1405775d3837109

    SHA256

    1c1c5330ea35f518bf85fad69dc2da1a98a4dfeadbf6ac0ba0ac7cc51bbcc870

    SHA512

    7fa5e582ad1bb094cbbb68b1db301dcf360e180eb58f8d726a112133277ceaa39660c6d4b3248c19a8b5767a4ae09f4597535711d789ca4f9f334a204d87ffe0

  • C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\MyDownloader.Extension.dll

    Filesize

    168KB

    MD5

    28f1996059e79df241388bd9f89cf0b1

    SHA1

    6ad6f7cde374686a42d9c0fcebadaf00adf21c76

    SHA256

    c3f8a46e81f16bbfc75de44dc95f0d145213c8af0006bb097950ac4d1562f5ce

    SHA512

    9654d451cb2f184548649aa04b902f5f6aff300c6f03b9261ee3be5405527b4f23862d8988f9811987da22e386813e844e7c5068fd6421c91551f5b33c625f29

  • C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\Newtonsoft.Json.dll

    Filesize

    541KB

    MD5

    9de86cdf74a30602d6baa7affc8c4a0f

    SHA1

    9c79b6fbf85b8b87dd781b20fc38ba2ac0664143

    SHA256

    56032ade45ccf8f4c259a2e57487124cf448a90bca2eeb430da2722d9e109583

    SHA512

    dca0f6078df789bb8c61ffb095d78f564bfc3223c6795ec88aeb5f132c014c5e3cb1bd8268f1e5dc96d7302c7f3de97e73807f3583cb4a320d7adbe93f432641

  • C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\Ninject.dll

    Filesize

    133KB

    MD5

    8db691813a26e7d0f1db5e2f4d0d05e3

    SHA1

    7c7a33553dd0b50b78bf0ca6974c77088da253eb

    SHA256

    3043a65f11ac204e65bca142ff4166d85f1b22078b126b806f1fecb2a315c701

    SHA512

    d02458180ec6e6eda89b5b0e387510ab2fad80f9ce57b8da548aaf85c34a59c39afaeacd1947bd5eb81bee1f6d612ca57d0b2b756d64098dfc96ca0bf2d9f62f

  • C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\OfferSDK.dll

    Filesize

    178KB

    MD5

    1105b8b33b0f019651566b87959512e2

    SHA1

    14d9ee07349bb349c32fc3b0e80087fb75e6bacb

    SHA256

    9a059883bee5177723b1a971172010a349db64c1dd60fcb3bbf190fe0e78bb07

    SHA512

    aaca1803c2618cf92306b6dd71b6d8d505c0fe8cd0c6262be268d7097251cd4edcfbeb60be109488958956b570485f2ea94a4ab7cc8e8c149f55759741014010

  • C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\Resources\OfferPage.html

    Filesize

    1KB

    MD5

    c37f07dc647fdb2f71870cd9e574039b

    SHA1

    6e0a6b2bf530dbe7f3461ff5861a4291212a363c

    SHA256

    c2ffb2f6f44682f983fd068dd4240b7254d437f38dd869cd861ee9b858476fc2

    SHA512

    7cbb691f4974220738b760fc27bfcda02b3c6e3ac4c602e6af30d3a05984bf6274a0c603efc1b16278d5e45221bdd6c8fb896031b547da860b6ef54931da81b4

  • C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\SciterWrapper.dll

    Filesize

    139KB

    MD5

    6cbc4475b6af8a6f68ed8696df09ff2d

    SHA1

    906e0caab3feac88b372c2c25a083c9149e31dc0

    SHA256

    51e42ff1d66f3042e512be1dd60ac1c7b1a2a5307acd191dffcf24ef106c8970

    SHA512

    7d5d0fcbfaa218ad95918c421f4cc97e5f98090945c8b4f786ee2d92d0fe44698b580838777cddda34fe1e556eac549168df6eb01a9f9041ad915203e52aa023

  • C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.Net.dll

    Filesize

    101KB

    MD5

    fc3be382cc3a7b4fafee4fdd465cab2e

    SHA1

    334da714147aac5d32116ba1753c88e2d6956705

    SHA256

    42c2156b7eee3bf8bee8d0c1d3d3f138e059ddda342cf8ee0d723130fb865304

    SHA512

    2e2d99c93d9f89fca51ae744b9ad0ad6d86dd97cb4a81913e0783984e1d16173eeaf6b3123a4db6241ee0b71b461fb47d297eb20ea501c37c608e15294cf39f4

  • C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\ServiceHide.dll

    Filesize

    151KB

    MD5

    26d7a9a819ad38801857d657da7b43da

    SHA1

    c234851024d125caae81d759da98789c9dd2501c

    SHA256

    43bad9c77f861c5ce0f622896a33dbd8c34157c004550cac22cc97d3a4ba3052

    SHA512

    628299c06673b33566049d70f2f1f1a2a5c769ea5f5a1382b917c3cb11cd6b943005870e536b9e816632f29d1a3dced8eaa81e154b741491d57ef2cd54192190

  • C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\msvcp140.dll

    Filesize

    426KB

    MD5

    8ff1898897f3f4391803c7253366a87b

    SHA1

    9bdbeed8f75a892b6b630ef9e634667f4c620fa0

    SHA256

    51398691feef7ae0a876b523aec47c4a06d9a1ee62f1a0aee27de6d6191c68ad

    SHA512

    cb071ad55beaa541b5baf1f7d5e145f2c26fbee53e535e8c31b8f2b8df4bf7723f7bef214b670b2c3de57a4a75711dd204a940a2158939ad72f551e32da7ab03

  • C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\sciter32.dll

    Filesize

    5.6MB

    MD5

    b431083586e39d018e19880ad1a5ce8f

    SHA1

    3bbf957ab534d845d485a8698accc0a40b63cedd

    SHA256

    b525fdcc32c5a359a7f5738a30eff0c6390734d8a2c987c62e14c619f99d406b

    SHA512

    7805a3464fcc3ac4ea1258e2412180c52f2af40a79b540348486c830a20c2bbed337bbf5f4a8926b3ef98c63c87747014f5b43c35f7ec4e7a3693b9dbd0ae67b

  • C:\Users\Admin\AppData\Local\Temp\3354215998cc498efdf76f123473fe62\vcruntime140.dll

    Filesize

    74KB

    MD5

    1a84957b6e681fca057160cd04e26b27

    SHA1

    8d7e4c98d1ec858db26a3540baaaa9bbf96b5bfe

    SHA256

    9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5

    SHA512

    5f54c9e87f2510c56f3cf2ceeb5b5ad7711abd9f85a1ff84e74dd82d15181505e7e5428eae6ff823f1190964eb0a82a569273a4562ec4131cecfa00a9d0d02aa

  • memory/4388-178-0x00000000058C0000-0x00000000058F0000-memory.dmp

    Filesize

    192KB

  • memory/4388-284-0x0000000009580000-0x0000000009B34000-memory.dmp

    Filesize

    5.7MB

  • memory/4388-194-0x00000000058A0000-0x00000000058AA000-memory.dmp

    Filesize

    40KB

  • memory/4388-269-0x00000000068D0000-0x00000000068F2000-memory.dmp

    Filesize

    136KB

  • memory/4388-275-0x0000000007050000-0x000000000705C000-memory.dmp

    Filesize

    48KB

  • memory/4388-186-0x00000000058F0000-0x0000000005916000-memory.dmp

    Filesize

    152KB

  • memory/4388-202-0x0000000005950000-0x0000000005958000-memory.dmp

    Filesize

    32KB

  • memory/4388-170-0x0000000005830000-0x000000000584A000-memory.dmp

    Filesize

    104KB

  • memory/4388-278-0x0000000007A10000-0x0000000007FB4000-memory.dmp

    Filesize

    5.6MB

  • memory/4388-162-0x0000000005850000-0x0000000005882000-memory.dmp

    Filesize

    200KB

  • memory/4388-154-0x00000000057E0000-0x0000000005808000-memory.dmp

    Filesize

    160KB

  • memory/4388-264-0x0000000006930000-0x00000000069BC000-memory.dmp

    Filesize

    560KB

  • memory/4388-210-0x00000000059B0000-0x00000000059DA000-memory.dmp

    Filesize

    168KB

  • memory/4388-300-0x0000000007700000-0x0000000007792000-memory.dmp

    Filesize

    584KB

  • memory/4388-134-0x0000000000570000-0x0000000000966000-memory.dmp

    Filesize

    4.0MB

  • memory/4388-218-0x0000000005A10000-0x0000000005A3C000-memory.dmp

    Filesize

    176KB

  • memory/4388-243-0x0000000005FA0000-0x0000000005FB2000-memory.dmp

    Filesize

    72KB

  • memory/4388-314-0x00000000083F0000-0x000000000841E000-memory.dmp

    Filesize

    184KB

  • memory/4388-135-0x00000000053F0000-0x0000000005400000-memory.dmp

    Filesize

    64KB

  • memory/4388-325-0x00000000753C0000-0x0000000075B70000-memory.dmp

    Filesize

    7.7MB

  • memory/4388-328-0x00000000053F0000-0x0000000005400000-memory.dmp

    Filesize

    64KB

  • memory/4388-133-0x00000000753C0000-0x0000000075B70000-memory.dmp

    Filesize

    7.7MB
