Analysis

  • max time kernel
    119s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/09/2024, 13:24 UTC

General

  • Target

    Solara New Bootstrapper_44132212.exe

  • Size

    395KB

  • MD5

    581cc393f5b61262b4f6dca8f3390cfd

  • SHA1

    12060b92daea62b9f5e8a72b401df435c3401615

  • SHA256

    3df9e04fb5e03ccde4c0588af869f50a6379618198023cd3e5ada46e42aceb0a

  • SHA512

    e46e9f199e5c354b8b39a36c610474cdcacfb423974d13dfede623d1db4dc296abb72c3615de95030db792881718aedfdf370859f95e29edcc0e1c8b38206eb0

  • SSDEEP

    12288:e5QNbCRMahENyB/+c3LpvNRlO/xj+qpproQ:emNuIUB/D31NSj+qfoQ

Score
6/10

Malware Config

Signatures

  • Checks for any installed AV software in registry 1 TTPs 8 IoCs
  • Downloads MZ/PE file
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 2 IoCs
  • Modifies system certificate store 2 TTPs 16 IoCs
  • Suspicious behavior: EnumeratesProcesses 17 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_44132212.exe
    "C:\Users\Admin\AppData\Local\Temp\Solara New Bootstrapper_44132212.exe"
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2068
    • C:\Users\Admin\AppData\Local\setup44132212.exe
      C:\Users\Admin\AppData\Local\setup44132212.exe hhwnd=459184 hreturntoinstaller hextras=id:6799040925c8e05-FR-9rKOy
      • Checks for any installed AV software in registry
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies system certificate store
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2948
    • C:\Users\Admin\AppData\Local\setup44132212.exe
      C:\Users\Admin\AppData\Local\setup44132212.exe hready
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:2464

Network

  • Country: US
    DNS
    www.dlsft.com
    Solara New Bootstrapper_44132212.exe
    Remote address:
    8.8.8.8:53
    Request
    www.dlsft.com
    IN A
    Response
    www.dlsft.com
    IN CNAME
    dlsft.com
    dlsft.com
    IN A
    35.190.60.70
  • Country: US
    GET
    https://www.dlsft.com/geo/
    Solara New Bootstrapper_44132212.exe
    Remote address:
    35.190.60.70:443
    Request
    GET /geo/ HTTP/1.1
    User-Agent: Mozilla/5.0
    Host: www.dlsft.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Fri, 27 Sep 2024 13:24:57 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 18
    Via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • Country: US
    POST
    https://www.dlsft.com/service.php
    Solara New Bootstrapper_44132212.exe
    Remote address:
    35.190.60.70:443
    Request
    POST /service.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0
    Host: www.dlsft.com
    Content-Length: 35
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Fri, 27 Sep 2024 13:24:57 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 288
    Vary: Accept-Encoding
    Via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • Country: US
    DNS
    c.pki.goog
    Solara New Bootstrapper_44132212.exe
    Remote address:
    8.8.8.8:53
    Request
    c.pki.goog
    IN A
    Response
    c.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    142.250.187.227
  • Country: GB
    GET
    http://c.pki.goog/r/r1.crl
    Solara New Bootstrapper_44132212.exe
    Remote address:
    142.250.187.227:80
    Request
    GET /r/r1.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 854
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Fri, 27 Sep 2024 13:13:07 GMT
    Expires: Fri, 27 Sep 2024 14:03:07 GMT
    Cache-Control: public, max-age=3000
    Age: 706
    Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • Country: GB
    GET
    http://c.pki.goog/r/gsr1.crl
    Solara New Bootstrapper_44132212.exe
    Remote address:
    142.250.187.227:80
    Request
    GET /r/gsr1.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 1739
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Fri, 27 Sep 2024 13:12:51 GMT
    Expires: Fri, 27 Sep 2024 14:02:51 GMT
    Cache-Control: public, max-age=3000
    Age: 726
    Last-Modified: Mon, 08 Jul 2024 07:38:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • Country: GB
    GET
    http://c.pki.goog/r/r4.crl
    Solara New Bootstrapper_44132212.exe
    Remote address:
    142.250.187.227:80
    Request
    GET /r/r4.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 436
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Fri, 27 Sep 2024 13:12:51 GMT
    Expires: Fri, 27 Sep 2024 14:02:51 GMT
    Cache-Control: public, max-age=3000
    Age: 726
    Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • Country: US
    DNS
    o.pki.goog
    Solara New Bootstrapper_44132212.exe
    Remote address:
    8.8.8.8:53
    Request
    o.pki.goog
    IN A
    Response
    o.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    142.250.187.227
  • Country: GB
    GET
    http://o.pki.goog/s/wr3/P5k/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSq0i5t2Pafi2Gw9uzwnc7KTctWgQUx4H1%2FY6I2QA8TWOiUDEkoM4j%2FiMCED%2BZ8T58jUdVEjMJ%2F%2B4wrmA%3D
    Solara New Bootstrapper_44132212.exe
    Remote address:
    142.250.187.227:80
    Request
    GET /s/wr3/P5k/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSq0i5t2Pafi2Gw9uzwnc7KTctWgQUx4H1%2FY6I2QA8TWOiUDEkoM4j%2FiMCED%2BZ8T58jUdVEjMJ%2F%2B4wrmA%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: o.pki.goog
    Response
    HTTP/1.1 200 OK
    Content-Security-Policy-Report-Only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/sytroprc:52:0
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to=coop_reporting
    Report-To: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/sytroprc:52:0"}],}
    Server: scaffolding on HTTPServer2
    Content-Length: 471
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Date: Fri, 27 Sep 2024 12:35:48 GMT
    Cache-Control: public, max-age=14400
    Content-Type: application/ocsp-response
    Age: 2949
  • Country: GB
    GET
    http://o.pki.goog/s/wr3/8P0/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQSq0i5t2Pafi2Gw9uzwnc7KTctWgQUx4H1%2FY6I2QA8TWOiUDEkoM4j%2FiMCEQDw%2FUGxHny0WAqhsOMFz467
    Solara New Bootstrapper_44132212.exe
    Remote address:
    142.250.187.227:80
    Request
    GET /s/wr3/8P0/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQSq0i5t2Pafi2Gw9uzwnc7KTctWgQUx4H1%2FY6I2QA8TWOiUDEkoM4j%2FiMCEQDw%2FUGxHny0WAqhsOMFz467 HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: o.pki.goog
    Response
    HTTP/1.1 200 OK
    Content-Security-Policy-Report-Only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/sytroprc:52:0
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to=coop_reporting
    Report-To: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/sytroprc:52:0"}],}
    Server: scaffolding on HTTPServer2
    Content-Length: 472
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Date: Fri, 27 Sep 2024 12:35:48 GMT
    Cache-Control: public, max-age=14400
    Content-Type: application/ocsp-response
    Age: 2949
  • Country: US
    DNS
    dlsft.com
    Solara New Bootstrapper_44132212.exe
    Remote address:
    8.8.8.8:53
    Request
    dlsft.com
    IN A
    Response
    dlsft.com
    IN A
    35.190.60.70
  • Country: US
    POST
    https://dlsft.com/callback.php
    Solara New Bootstrapper_44132212.exe
    Remote address:
    35.190.60.70:443
    Request
    POST /callback.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0
    Host: dlsft.com
    Content-Length: 40
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Fri, 27 Sep 2024 13:24:57 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 0
    Via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • Country: US
    POST
    https://dlsft.com/callback.php
    Solara New Bootstrapper_44132212.exe
    Remote address:
    35.190.60.70:443
    Request
    POST /callback.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0
    Host: dlsft.com
    Content-Length: 40
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Fri, 27 Sep 2024 13:25:21 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 0
    Via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • Country: US
    POST
    https://dlsft.com/callback.php
    Solara New Bootstrapper_44132212.exe
    Remote address:
    35.190.60.70:443
    Request
    POST /callback.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0
    Host: dlsft.com
    Content-Length: 42
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Fri, 27 Sep 2024 13:25:32 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 0
    Via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • Country: US
    DNS
    getmyfilenow.com
    Solara New Bootstrapper_44132212.exe
    Remote address:
    8.8.8.8:53
    Request
    getmyfilenow.com
    IN A
    Response
    getmyfilenow.com
    IN A
    104.21.50.104
    getmyfilenow.com
    IN A
    172.67.204.186
  • Country: US
    GET
    https://getmyfilenow.com/setup
    Solara New Bootstrapper_44132212.exe
    Remote address:
    104.21.50.104:443
    Request
    GET /setup HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: getmyfilenow.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 13:24:57 GMT
    Content-Type: application/octet-stream
    Content-Length: 4018880
    Connection: keep-alive
    x-powered-by: Express
    cache-control: no-store
    content-disposition: attachment; filename="setup.exe"
    accept-ranges: bytes
    last-modified: Thu, 19 Sep 2024 12:17:51 GMT
    etag: W/"3d52c0-1920a37a536"
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VJPXmwx48eNDgE2QRPZP5SG6CpVQ%2F4Bh91DU8u25DrOf8t%2B%2FGzHzt060BdotvBHwUvCjarqoFh3qMj7%2FK%2FKbCDWPKcMVjImAzPx160xsrf7KJA1MGSo7Y2vHxiBZZZgZOdsi"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c9bd1240fa8732d-LHR
  • Country: US
    DNS
    www.google.com
    setup44132212.exe
    Remote address:
    8.8.8.8:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    216.58.201.100
  • Country: US
    DNS
    flow.lavasoft.com
    setup44132212.exe
    Remote address:
    8.8.8.8:53
    Request
    flow.lavasoft.com
    IN A
    Response
    flow.lavasoft.com
    IN A
    104.16.148.130
    flow.lavasoft.com
    IN A
    104.16.149.130
  • Country: US
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleInstallStart
    setup44132212.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=BundleInstallStart HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 6.1.7601 Service Pack 1; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 128ad32e-b445-4dfa-b739-4bc726401d5d
    Content-Length: 2288
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 13:25:01 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8c9bd13a2e5e4887-LHR
  • Country: US
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=PageShown
    setup44132212.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=PageShown HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 6.1.7601 Service Pack 1; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 128ad32e-b445-4dfa-b739-4bc726401d5d
    Content-Length: 272
    Response
    HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 13:25:01 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8c9bd13b88e44887-LHR
  • Country: US
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleProposedOffers
    setup44132212.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=BundleProposedOffers HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 6.1.7601 Service Pack 1; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 128ad32e-b445-4dfa-b739-4bc726401d5d
    Content-Length: 11186
    Response
    HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 13:25:02 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8c9bd14069c34887-LHR
  • Country: US
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleOfferRejected
    setup44132212.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=BundleOfferRejected HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 6.1.7601 Service Pack 1; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 128ad32e-b445-4dfa-b739-4bc726401d5d
    Content-Length: 468
    Response
    HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 13:25:02 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8c9bd141ac514887-LHR
  • Country: US
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived
    setup44132212.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 6.1.7601 Service Pack 1; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 128ad32e-b445-4dfa-b739-4bc726401d5d
    Content-Length: 432
    Response
    HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 13:25:02 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8c9bd1428dc24887-LHR
  • Country: US
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived
    setup44132212.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 6.1.7601 Service Pack 1; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 128ad32e-b445-4dfa-b739-4bc726401d5d
    Content-Length: 420
    Response
    HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 13:25:03 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8c9bd148afbc4887-LHR
  • Country: US
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleOfferRejected
    setup44132212.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=BundleOfferRejected HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 6.1.7601 Service Pack 1; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 128ad32e-b445-4dfa-b739-4bc726401d5d
    Content-Length: 467
    Response
    HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 13:25:04 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8c9bd14e48f24887-LHR
  • Country: US
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived
    setup44132212.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 6.1.7601 Service Pack 1; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 128ad32e-b445-4dfa-b739-4bc726401d5d
    Content-Length: 409
    Response
    HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 13:25:04 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8c9bd14f2a1c4887-LHR
  • Country: US
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived
    setup44132212.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 6.1.7601 Service Pack 1; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 128ad32e-b445-4dfa-b739-4bc726401d5d
    Content-Length: 400
    Response
    HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 13:25:04 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8c9bd1503be44887-LHR
  • Country: US
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleOffersApproved
    setup44132212.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=BundleOffersApproved HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 6.1.7601 Service Pack 1; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 128ad32e-b445-4dfa-b739-4bc726401d5d
    Content-Length: 740
    Response
    HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 13:25:06 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8c9bd159399c4887-LHR
  • Country: US
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferPageShowDelay
    setup44132212.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=OfferPageShowDelay HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 6.1.7601 Service Pack 1; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 128ad32e-b445-4dfa-b739-4bc726401d5d
    Content-Length: 336
    Response
    HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 13:25:24 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8c9bd1cc68544887-LHR
  • Country: US
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=PostbackRequest
    setup44132212.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=PostbackRequest HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 6.1.7601 Service Pack 1; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 128ad32e-b445-4dfa-b739-4bc726401d5d
    Content-Length: 342
    Response
    HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 13:25:24 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8c9bd1cdca8c4887-LHR
  • Country: US
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferShown
    setup44132212.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=OfferShown HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 6.1.7601 Service Pack 1; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 128ad32e-b445-4dfa-b739-4bc726401d5d
    Content-Length: 490
    Response
    HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 13:25:25 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8c9bd1cebbf64887-LHR
  • Country: US
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=PageShown
    setup44132212.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=PageShown HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 6.1.7601 Service Pack 1; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 128ad32e-b445-4dfa-b739-4bc726401d5d
    Content-Length: 267
    Response
    HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 13:25:25 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8c9bd1d2ca0b4887-LHR
  • Country: US
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferCancelRecover
    setup44132212.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=OfferCancelRecover HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 6.1.7601 Service Pack 1; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 128ad32e-b445-4dfa-b739-4bc726401d5d
    Content-Length: 406
    Response
    HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 13:25:28 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8c9bd1e789f64887-LHR
  • Country: US
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=CancelRecover
    setup44132212.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=CancelRecover HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 6.1.7601 Service Pack 1; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 128ad32e-b445-4dfa-b739-4bc726401d5d
    Content-Length: 260
    Response
    HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 13:25:29 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8c9bd1e86b314887-LHR
  • Country: US
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=PostbackRequest
    setup44132212.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=PostbackRequest HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 6.1.7601 Service Pack 1; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 128ad32e-b445-4dfa-b739-4bc726401d5d
    Content-Length: 342
    Response
    HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 13:25:31 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8c9bd1f4386b4887-LHR
  • [US]
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferShown
    setup44132212.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=OfferShown HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 6.1.7601 Service Pack 1; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 128ad32e-b445-4dfa-b739-4bc726401d5d
    Content-Length: 467
    Response
    HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 13:25:31 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8c9bd1f66ca04887-LHR
  • [US]
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=PageShown
    setup44132212.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=PageShown HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 6.1.7601 Service Pack 1; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 128ad32e-b445-4dfa-b739-4bc726401d5d
    Content-Length: 267
    Response
    HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 13:25:33 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8c9bd200cd7d4887-LHR
  • [US]
    DNS
    sos.adaware.com
    setup44132212.exe
    Remote address:
    8.8.8.8:53
    Request
    sos.adaware.com
    IN A
    Response
    sos.adaware.com
    IN A
    104.16.212.94
    sos.adaware.com
    IN A
    104.16.213.94
  • [US]
    POST
    https://sos.adaware.com/v1/bundle/list?bundleId=DT001
    setup44132212.exe
    Remote address:
    104.16.212.94:443
    Request
    POST /v1/bundle/list?bundleId=DT001 HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 6.1.7601 Service Pack 1; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    installid: 128ad32e-b445-4dfa-b739-4bc726401d5d
    Content-Type: application/json;charset=utf-8
    Host: sos.adaware.com
    Content-Length: 348
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 13:25:02 GMT
    Content-Type: application/json
    Content-Length: 16907
    Connection: keep-alive
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8c9bd13b3cf8bee9-LHR
  • [US]
    GET
    https://sos.adaware.com/v1/offer/detail?_id=98fb803d820deca6339be22b78181f5f0296f5df
    setup44132212.exe
    Remote address:
    104.16.212.94:443
    Request
    GET /v1/offer/detail?_id=98fb803d820deca6339be22b78181f5f0296f5df HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 6.1.7601 Service Pack 1; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    installid: 128ad32e-b445-4dfa-b739-4bc726401d5d
    Host: sos.adaware.com
    Response
    HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 13:25:02 GMT
    Content-Type: application/json
    Content-Length: 218009
    Connection: keep-alive
    Last-Modified: Fri, 27 Sep 2024 12:44:00 GMT
    CF-Cache-Status: HIT
    Age: 1320
    Expires: Fri, 27 Sep 2024 13:55:02 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Server: cloudflare
    CF-RAY: 8c9bd1407c4cbee9-LHR
  • [US]
    GET
    https://sos.adaware.com/v1/offer/detail?_id=2e689ead9de434c5ff65a06c4a89eb781f997d6b
    setup44132212.exe
    Remote address:
    104.16.212.94:443
    Request
    GET /v1/offer/detail?_id=2e689ead9de434c5ff65a06c4a89eb781f997d6b HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 6.1.7601 Service Pack 1; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    installid: 128ad32e-b445-4dfa-b739-4bc726401d5d
    Host: sos.adaware.com
    Response
    HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 13:25:03 GMT
    Content-Type: application/json
    Content-Length: 89846
    Connection: keep-alive
    Last-Modified: Fri, 27 Sep 2024 12:48:57 GMT
    CF-Cache-Status: HIT
    Age: 614
    Expires: Fri, 27 Sep 2024 13:55:03 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Server: cloudflare
    CF-RAY: 8c9bd146ed83bee9-LHR
  • [US]
    GET
    https://sos.adaware.com/v1/offer/detail?_id=9ca0dabba861da0abbdcd9954f0d6b14b3f00d62
    setup44132212.exe
    Remote address:
    104.16.212.94:443
    Request
    GET /v1/offer/detail?_id=9ca0dabba861da0abbdcd9954f0d6b14b3f00d62 HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 6.1.7601 Service Pack 1; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    installid: 128ad32e-b445-4dfa-b739-4bc726401d5d
    Host: sos.adaware.com
    Response
    HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 13:25:03 GMT
    Content-Type: application/json
    Content-Length: 3671
    Connection: keep-alive
    Last-Modified: Fri, 27 Sep 2024 13:25:03 GMT
    CF-Cache-Status: EXPIRED
    Expires: Fri, 27 Sep 2024 13:55:03 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Server: cloudflare
    CF-RAY: 8c9bd148a92dbee9-LHR
  • [US]
    GET
    https://sos.adaware.com/v1/offer/detail?_id=b53f3407b38d6a472cf2a396a0ddb626ca0e87fb
    setup44132212.exe
    Remote address:
    104.16.212.94:443
    Request
    GET /v1/offer/detail?_id=b53f3407b38d6a472cf2a396a0ddb626ca0e87fb HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 6.1.7601 Service Pack 1; x64; H2O/7.14.2.0)
    Referer: https://www.adaware.com
    installid: 128ad32e-b445-4dfa-b739-4bc726401d5d
    Host: sos.adaware.com
    Response
    HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 13:25:02 GMT
    Content-Type: application/json
    Content-Length: 44624
    Connection: keep-alive
    Last-Modified: Fri, 27 Sep 2024 12:44:00 GMT
    CF-Cache-Status: HIT
    Age: 1320
    Expires: Fri, 27 Sep 2024 13:55:02 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Server: cloudflare
    CF-RAY: 8c9bd141092348bc-LHR
  • [US]
    DNS
    download.enigmasoftware.com
    setup44132212.exe
    Remote address:
    8.8.8.8:53
    Request
    download.enigmasoftware.com
    IN A
    Response
    download.enigmasoftware.com
    IN A
    65.9.95.67
    download.enigmasoftware.com
    IN A
    65.9.95.28
    download.enigmasoftware.com
    IN A
    65.9.95.100
    download.enigmasoftware.com
    IN A
    65.9.95.82
  • [CZ]
    HEAD
    https://download.enigmasoftware.com/spyhunter-free-download/silent/lav/SpyHunter-Installer.exe
    setup44132212.exe
    Remote address:
    65.9.95.67:443
    Request
    HEAD /spyhunter-free-download/silent/lav/SpyHunter-Installer.exe HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 6.1.7601 Service Pack 1; x64; H2O/7.14.2.0)
    Host: download.enigmasoftware.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Content-Length: 0
    Connection: keep-alive
    Date: Thu, 26 Sep 2024 17:49:28 GMT
    Location: https://spyhunter-download-v2.b-cdn.net/spyhunter-free-download/silent/lav/SpyHunter-Installer.exe
    Server: AmazonS3
    X-Cache: Hit from cloudfront
    Via: 1.1 db66f1cc00a415c34c42ad011b26850c.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: PRG50-C1
    X-Amz-Cf-Id: -GkL0xpIAgk4xVhs1Gd0rc2PTvPf7LpgLWU1VHPHQa4VbB17J7lhoQ==
    Age: 70536
  • [US]
    DNS
    spyhunter-download-v2.b-cdn.net
    setup44132212.exe
    Remote address:
    8.8.8.8:53
    Request
    spyhunter-download-v2.b-cdn.net
    IN A
    Response
    spyhunter-download-v2.b-cdn.net
    IN A
    79.127.237.132
  • [GB]
    HEAD
    https://spyhunter-download-v2.b-cdn.net/spyhunter-free-download/silent/lav/SpyHunter-Installer.exe
    setup44132212.exe
    Remote address:
    79.127.237.132:443
    Request
    HEAD /spyhunter-free-download/silent/lav/SpyHunter-Installer.exe HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 6.1.7601 Service Pack 1; x64; H2O/7.14.2.0)
    Host: spyhunter-download-v2.b-cdn.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 13:24:55 GMT
    Content-Type: application/octet-stream
    Content-Length: 7195168
    Connection: keep-alive
    Server: BunnyCDN-UK1-1205
    CDN-PullZone: 1053841
    CDN-Uid: 27a71848-22f2-45db-b801-7c7517de9523
    CDN-RequestCountryCode: GB
    Cache-Control: public, max-age=2592000
    ETag: "ca190cef80d1e0e056e91d7a909a5edb"
    Last-Modified: Tue, 19 Dec 2023 14:00:16 GMT
    x-amz-id-2: G9oVkqT2iIeAuneL/c57oawY0rbXh1sQsq7iJf7Ts52OBcRL1IPRUDVz/1aAeSif5lsFcUunX4L0qY7lbj13kapZ6YhPnI5C
    x-amz-request-id: 1BA540ZVX9ZGQ7K8
    x-amz-server-side-encryption: AES256
    x-amz-meta-cb-modifiedtime: Mon, 11 Dec 2023 17:24:31 GMT
    CDN-ProxyVer: 1.04
    CDN-RequestPullSuccess: True
    CDN-RequestPullCode: 200
    CDN-CachedAt: 07/04/2024 19:42:20
    CDN-EdgeStorageId: 886
    CDN-Status: 200
    CDN-RequestTime: 0
    CDN-RequestId: a761c8a13d9a5798716d6c21a1ea0262
    CDN-Cache: HIT
    Accept-Ranges: bytes
  • [GB]
    HEAD
    https://spyhunter-download-v2.b-cdn.net/spyhunter-free-download/silent/lav/SpyHunter-Installer.exe
    setup44132212.exe
    Remote address:
    79.127.237.132:443
    Request
    HEAD /spyhunter-free-download/silent/lav/SpyHunter-Installer.exe HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 6.1.7601 Service Pack 1; x64; H2O/7.14.2.0)
    Host: spyhunter-download-v2.b-cdn.net
    Response
    HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 13:24:55 GMT
    Content-Type: application/octet-stream
    Content-Length: 7195168
    Connection: keep-alive
    Server: BunnyCDN-UK1-1205
    CDN-PullZone: 1053841
    CDN-Uid: 27a71848-22f2-45db-b801-7c7517de9523
    CDN-RequestCountryCode: GB
    Cache-Control: public, max-age=2592000
    ETag: "ca190cef80d1e0e056e91d7a909a5edb"
    Last-Modified: Tue, 19 Dec 2023 14:00:16 GMT
    x-amz-id-2: G9oVkqT2iIeAuneL/c57oawY0rbXh1sQsq7iJf7Ts52OBcRL1IPRUDVz/1aAeSif5lsFcUunX4L0qY7lbj13kapZ6YhPnI5C
    x-amz-request-id: 1BA540ZVX9ZGQ7K8
    x-amz-server-side-encryption: AES256
    x-amz-meta-cb-modifiedtime: Mon, 11 Dec 2023 17:24:31 GMT
    CDN-ProxyVer: 1.04
    CDN-RequestPullSuccess: True
    CDN-RequestPullCode: 200
    CDN-CachedAt: 07/04/2024 19:42:20
    CDN-EdgeStorageId: 886
    CDN-Status: 200
    CDN-RequestTime: 0
    CDN-RequestId: 4c62a02006885df59a254abf4b10e86b
    CDN-Cache: HIT
    Accept-Ranges: bytes
  • [US]
    DNS
    download2021.pdf-suite.com
    setup44132212.exe
    Remote address:
    8.8.8.8:53
    Request
    download2021.pdf-suite.com
    IN A
    Response
    download2021.pdf-suite.com
    IN A
    104.21.57.28
    download2021.pdf-suite.com
    IN A
    172.67.158.191
  • [US]
    HEAD
    https://download2021.pdf-suite.com/get-app.aspx?configid=5A17D912-2B3D-4BB2-B4B2-8C355A2716C7&partner=pdfsuite_h2o&uid=1016732&cmp=h2o_2021&mkey1=h2o&mkey2=h2o-install
    setup44132212.exe
    Remote address:
    104.21.57.28:443
    Request
    HEAD /get-app.aspx?configid=5A17D912-2B3D-4BB2-B4B2-8C355A2716C7&partner=pdfsuite_h2o&uid=1016732&cmp=h2o_2021&mkey1=h2o&mkey2=h2o-install HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 6.1.7601 Service Pack 1; x64; H2O/7.14.2.0)
    Host: download2021.pdf-suite.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Fri, 27 Sep 2024 13:25:03 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Fri, 27 Sep 2024 14:25:03 GMT
    Location: https://download20.pdf-suite.com/get-app.aspx?configid=5A17D912-2B3D-4BB2-B4B2-8C355A2716C7&partner=pdfsuite_h2o&uid=1016732&cmp=h2o_2021&mkey1=h2o&mkey2=h2o-install
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ncqEzhOeGT0qfUWjWECMv5ggRlbm8bTW4KCEwfvM770VHvySao1oAPDBHS2cqMOztCV9moRNlqgEE180Snyr4q6ROkZGcNbTTduhQbeNn3infuZESIG9C42VEDJHhVNFMrh8V%2BoRIfaZmnMGLw%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Speculation-Rules: "/cdn-cgi/speculation"
    Server: cloudflare
    CF-RAY: 8c9bd149680294fd-LHR
  • [US]
    DNS
    download20.pdf-suite.com
    setup44132212.exe
    Remote address:
    8.8.8.8:53
    Request
    download20.pdf-suite.com
    IN A
    Response
    download20.pdf-suite.com
    IN A
    198.72.111.246
  • [CA]
    DNS
    setup44132212.exe
    Remote address:
    198.72.111.246:443
    Response
    HTTP/1.0 400 Bad request
    Cache-Control: no-cache
    Connection: close
    Content-Type: text/html
  • [US]
    DNS
    package.avira.com
    setup44132212.exe
    Remote address:
    8.8.8.8:53
    Request
    package.avira.com
    IN A
    Response
    package.avira.com
    IN CNAME
    package.avira.com.edgekey.net
    package.avira.com.edgekey.net
    IN CNAME
    e11356.dscd.akamaiedge.net
    e11356.dscd.akamaiedge.net
    IN A
    2.23.221.169
  • [GB]
    HEAD
    https://package.avira.com/download/spotlight-windows-bootstrapper/avira__sptl1___lavasoft.exe
    setup44132212.exe
    Remote address:
    2.23.221.169:443
    Request
    HEAD /download/spotlight-windows-bootstrapper/avira__sptl1___lavasoft.exe HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 6.1.7601 Service Pack 1; x64; H2O/7.14.2.0)
    Host: package.avira.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Length: 6738360
    Content-Type: application/octet-stream
    ETag: "3ad6f1d43acfdb4533ade2e597f09ecd:1714050938.698466"
    Last-Modified: Thu, 25 Apr 2024 13:15:38 GMT
    Server: AkamaiNetStorage
    Date: Fri, 27 Sep 2024 13:25:04 GMT
    Connection: keep-alive
  • [GB]
    HEAD
    https://package.avira.com/download/spotlight-windows-bootstrapper/avira__sptl1___lavasoft.exe
    setup44132212.exe
    Remote address:
    2.23.221.169:443
    Request
    HEAD /download/spotlight-windows-bootstrapper/avira__sptl1___lavasoft.exe HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 6.1.7601 Service Pack 1; x64; H2O/7.14.2.0)
    Host: package.avira.com
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Length: 6738360
    Content-Type: application/octet-stream
    ETag: "3ad6f1d43acfdb4533ade2e597f09ecd:1714050938.698466"
    Last-Modified: Thu, 25 Apr 2024 13:15:38 GMT
    Server: AkamaiNetStorage
    Date: Fri, 27 Sep 2024 13:25:04 GMT
    Connection: keep-alive
  • [US]
    DNS
    webcompanion.com
    setup44132212.exe
    Remote address:
    8.8.8.8:53
    Request
    webcompanion.com
    IN A
    Response
    webcompanion.com
    IN A
    104.19.208.152
    webcompanion.com
    IN A
    104.19.159.224
  • [US]
    HEAD
    http://webcompanion.com/nano_download.php?partner=IT200301
    setup44132212.exe
    Remote address:
    104.19.208.152:80
    Request
    HEAD /nano_download.php?partner=IT200301 HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 6.1.7601 Service Pack 1; x64; H2O/7.14.2.0)
    Host: webcompanion.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 13:25:05 GMT
    Content-Type: application/octet-stream
    Content-Length: 564704
    Connection: keep-alive
    X-Powered-By: PHP/7.2.34
    Expires: Fri, 27 Sep 2024 13:30:05 GMT
    Cache-Control: public, max-age=300
    Pragma: public
    Content-Disposition: attachment; filename=WcInstaller.exe
    Content-Transfer-Encoding: binary
    Last-Modified: Fri, 27 Sep 2024 13:25:05 GMT
    CF-Cache-Status: EXPIRED
    Accept-Ranges: bytes
    Server: cloudflare
    CF-RAY: 8c9bd14f9c58bea0-LHR
  • [US]
    HEAD
    http://webcompanion.com/nano_download.php?partner=IT200301
    setup44132212.exe
    Remote address:
    104.19.208.152:80
    Request
    HEAD /nano_download.php?partner=IT200301 HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 6.1.7601 Service Pack 1; x64; H2O/7.14.2.0)
    Host: webcompanion.com
    Response
    HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 13:25:06 GMT
    Content-Type: application/octet-stream
    Content-Length: 564704
    Connection: keep-alive
    X-Powered-By: PHP/7.2.34
    Expires: Fri, 27 Sep 2024 13:30:05 GMT
    Cache-Control: public, max-age=300
    Pragma: public
    Content-Disposition: attachment; filename=WcInstaller.exe
    Content-Transfer-Encoding: binary
    Last-Modified: Fri, 27 Sep 2024 13:25:05 GMT
    CF-Cache-Status: EXPIRED
    Accept-Ranges: bytes
    Server: cloudflare
    CF-RAY: 8c9bd153ebe3bea0-LHR
  • [US]
    DNS
    net.geo.opera.com
    Solara New Bootstrapper_44132212.exe
    Remote address:
    8.8.8.8:53
    Request
    net.geo.opera.com
    IN A
    Response
    net.geo.opera.com
    IN CNAME
    eu.net.opera.com
    eu.net.opera.com
    IN A
    185.26.182.111
    eu.net.opera.com
    IN A
    185.26.182.112
  • 35.190.60.70:443
    https://www.dlsft.com/service.php
    tls, http
    Solara New Bootstrapper_44132212.exe
    1.3kB
    6.2kB
    14
    16

    HTTP Request

    GET https://www.dlsft.com/geo/

    HTTP Response

    200

    HTTP Request

    POST https://www.dlsft.com/service.php

    HTTP Response

    200
  • 142.250.187.227:80
    http://c.pki.goog/r/r4.crl
    http
    Solara New Bootstrapper_44132212.exe
    810 B
    5.7kB
    10
    8

    HTTP Request

    GET http://c.pki.goog/r/r1.crl

    HTTP Response

    200

    HTTP Request

    GET http://c.pki.goog/r/gsr1.crl

    HTTP Response

    200

    HTTP Request

    GET http://c.pki.goog/r/r4.crl

    HTTP Response

    200
  • 142.250.187.227:80
    http://o.pki.goog/s/wr3/8P0/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQSq0i5t2Pafi2Gw9uzwnc7KTctWgQUx4H1%2FY6I2QA8TWOiUDEkoM4j%2FiMCEQDw%2FUGxHny0WAqhsOMFz467
    http
    Solara New Bootstrapper_44132212.exe
    902 B
    3.6kB
    9
    5

    HTTP Request

    GET http://o.pki.goog/s/wr3/P5k/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSq0i5t2Pafi2Gw9uzwnc7KTctWgQUx4H1%2FY6I2QA8TWOiUDEkoM4j%2FiMCED%2BZ8T58jUdVEjMJ%2F%2B4wrmA%3D

    HTTP Response

    200

    HTTP Request

    GET http://o.pki.goog/s/wr3/8P0/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQSq0i5t2Pafi2Gw9uzwnc7KTctWgQUx4H1%2FY6I2QA8TWOiUDEkoM4j%2FiMCEQDw%2FUGxHny0WAqhsOMFz467

    HTTP Response

    200
  • 35.190.60.70:443
    https://dlsft.com/callback.php
    tls, http
    Solara New Bootstrapper_44132212.exe
    1.7kB
    5.9kB
    14
    15

    HTTP Request

    POST https://dlsft.com/callback.php

    HTTP Response

    200

    HTTP Request

    POST https://dlsft.com/callback.php

    HTTP Response

    200

    HTTP Request

    POST https://dlsft.com/callback.php

    HTTP Response

    200
  • 104.21.50.104:443
    https://getmyfilenow.com/setup
    tls, http
    Solara New Bootstrapper_44132212.exe
    111.2kB
    4.2MB
    2141
    3024

    HTTP Request

    GET https://getmyfilenow.com/setup

    HTTP Response

    200
  • 104.16.148.130:443
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=PageShown
    tls, http
    setup44132212.exe
    31.3kB
    17.4kB
    73
    87

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleInstallStart

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=PageShown

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleProposedOffers

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleOfferRejected

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleOfferRejected

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleOffersApproved

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferPageShowDelay

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=PostbackRequest

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferShown

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=PageShown

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferCancelRecover

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=CancelRecover

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=PostbackRequest

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferShown

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=PageShown

    HTTP Response

    200
  • 104.16.212.94:443
    https://sos.adaware.com/v1/offer/detail?_id=9ca0dabba861da0abbdcd9954f0d6b14b3f00d62
    tls, http
    setup44132212.exe
    8.9kB
    346.5kB
    151
    283

    HTTP Request

    POST https://sos.adaware.com/v1/bundle/list?bundleId=DT001

    HTTP Response

    200

    HTTP Request

    GET https://sos.adaware.com/v1/offer/detail?_id=98fb803d820deca6339be22b78181f5f0296f5df

    HTTP Response

    200

    HTTP Request

    GET https://sos.adaware.com/v1/offer/detail?_id=2e689ead9de434c5ff65a06c4a89eb781f997d6b

    HTTP Response

    200

    HTTP Request

    GET https://sos.adaware.com/v1/offer/detail?_id=9ca0dabba861da0abbdcd9954f0d6b14b3f00d62

    HTTP Response

    200
  • 104.16.212.94:443
    https://sos.adaware.com/v1/offer/detail?_id=b53f3407b38d6a472cf2a396a0ddb626ca0e87fb
    tls, http
    setup44132212.exe
    2.0kB
    50.7kB
    31
    48

    HTTP Request

    GET https://sos.adaware.com/v1/offer/detail?_id=b53f3407b38d6a472cf2a396a0ddb626ca0e87fb

    HTTP Response

    200
  • 65.9.95.67:443
    https://download.enigmasoftware.com/spyhunter-free-download/silent/lav/SpyHunter-Installer.exe
    tls, http
    setup44132212.exe
    1.1kB
    6.4kB
    11
    10

    HTTP Request

    HEAD https://download.enigmasoftware.com/spyhunter-free-download/silent/lav/SpyHunter-Installer.exe

    HTTP Response

    301
  • 79.127.237.132:443
    https://spyhunter-download-v2.b-cdn.net/spyhunter-free-download/silent/lav/SpyHunter-Installer.exe
    tls, http
    setup44132212.exe
    1.4kB
    7.5kB
    10
    11

    HTTP Request

    HEAD https://spyhunter-download-v2.b-cdn.net/spyhunter-free-download/silent/lav/SpyHunter-Installer.exe

    HTTP Response

    200

    HTTP Request

    HEAD https://spyhunter-download-v2.b-cdn.net/spyhunter-free-download/silent/lav/SpyHunter-Installer.exe

    HTTP Response

    200
  • 104.21.57.28:443
    https://download2021.pdf-suite.com/get-app.aspx?configid=5A17D912-2B3D-4BB2-B4B2-8C355A2716C7&partner=pdfsuite_h2o&uid=1016732&cmp=h2o_2021&mkey1=h2o&mkey2=h2o-install
    tls, http
    setup44132212.exe
    1.1kB
    4.9kB
    10
    9

    HTTP Request

    HEAD https://download2021.pdf-suite.com/get-app.aspx?configid=5A17D912-2B3D-4BB2-B4B2-8C355A2716C7&partner=pdfsuite_h2o&uid=1016732&cmp=h2o_2021&mkey1=h2o&mkey2=h2o-install

    HTTP Response

    301
  • 198.72.111.246:443
    download20.pdf-suite.com
    tls, http
    setup44132212.exe
    740 B
    4.1kB
    9
    11

    HTTP Response

    400
  • 198.72.111.246:443
    download20.pdf-suite.com
    tls
    setup44132212.exe
    428 B
    389 B
    5
    5
  • 2.23.221.169:443
    https://package.avira.com/download/spotlight-windows-bootstrapper/avira__sptl1___lavasoft.exe
    tls, http
    setup44132212.exe
    1.3kB
    4.8kB
    10
    11

    HTTP Request

    HEAD https://package.avira.com/download/spotlight-windows-bootstrapper/avira__sptl1___lavasoft.exe

    HTTP Response

    200

    HTTP Request

    HEAD https://package.avira.com/download/spotlight-windows-bootstrapper/avira__sptl1___lavasoft.exe

    HTTP Response

    200
  • 104.19.208.152:80
    http://webcompanion.com/nano_download.php?partner=IT200301
    http
    setup44132212.exe
    636 B
    1.3kB
    6
    6

    HTTP Request

    HEAD http://webcompanion.com/nano_download.php?partner=IT200301

    HTTP Response

    200

    HTTP Request

    HEAD http://webcompanion.com/nano_download.php?partner=IT200301

    HTTP Response

    200
  • 185.26.182.111:443
    net.geo.opera.com
    tls
    Solara New Bootstrapper_44132212.exe
    656 B
    3.3kB
    8
    7
  • 8.8.8.8:53
    www.dlsft.com
    dns
    Solara New Bootstrapper_44132212.exe
    59 B
    89 B
    1
    1

    DNS Request

    www.dlsft.com

    DNS Response

    35.190.60.70

  • 8.8.8.8:53
    c.pki.goog
    dns
    Solara New Bootstrapper_44132212.exe
    56 B
    107 B
    1
    1

    DNS Request

    c.pki.goog

    DNS Response

    142.250.187.227

  • 8.8.8.8:53
    o.pki.goog
    dns
    Solara New Bootstrapper_44132212.exe
    56 B
    107 B
    1
    1

    DNS Request

    o.pki.goog

    DNS Response

    142.250.187.227

  • 8.8.8.8:53
    dlsft.com
    dns
    Solara New Bootstrapper_44132212.exe
    55 B
    71 B
    1
    1

    DNS Request

    dlsft.com

    DNS Response

    35.190.60.70

  • 8.8.8.8:53
    getmyfilenow.com
    dns
    Solara New Bootstrapper_44132212.exe
    62 B
    94 B
    1
    1

    DNS Request

    getmyfilenow.com

    DNS Response

    104.21.50.104
    172.67.204.186

  • 8.8.8.8:53
    www.google.com
    dns
    setup44132212.exe
    60 B
    76 B
    1
    1

    DNS Request

    www.google.com

    DNS Response

    216.58.201.100

  • 8.8.8.8:53
    flow.lavasoft.com
    dns
    setup44132212.exe
    63 B
    95 B
    1
    1

    DNS Request

    flow.lavasoft.com

    DNS Response

    104.16.148.130
    104.16.149.130

  • 8.8.8.8:53
    sos.adaware.com
    dns
    setup44132212.exe
    61 B
    93 B
    1
    1

    DNS Request

    sos.adaware.com

    DNS Response

    104.16.212.94
    104.16.213.94

  • 8.8.8.8:53
    download.enigmasoftware.com
    dns
    setup44132212.exe
    73 B
    137 B
    1
    1

    DNS Request

    download.enigmasoftware.com

    DNS Response

    65.9.95.67
    65.9.95.28
    65.9.95.100
    65.9.95.82

  • 8.8.8.8:53
    spyhunter-download-v2.b-cdn.net
    dns
    setup44132212.exe
    77 B
    93 B
    1
    1

    DNS Request

    spyhunter-download-v2.b-cdn.net

    DNS Response

    79.127.237.132

  • 8.8.8.8:53
    download2021.pdf-suite.com
    dns
    setup44132212.exe
    72 B
    104 B
    1
    1

    DNS Request

    download2021.pdf-suite.com

    DNS Response

    104.21.57.28
    172.67.158.191

  • 8.8.8.8:53
    download20.pdf-suite.com
    dns
    setup44132212.exe
    70 B
    86 B
    1
    1

    DNS Request

    download20.pdf-suite.com

    DNS Response

    198.72.111.246

  • 8.8.8.8:53
    package.avira.com
    dns
    setup44132212.exe
    63 B
    159 B
    1
    1

    DNS Request

    package.avira.com

    DNS Response

    2.23.221.169

  • 8.8.8.8:53
    webcompanion.com
    dns
    setup44132212.exe
    62 B
    94 B
    1
    1

    DNS Request

    webcompanion.com

    DNS Response

    104.19.208.152
    104.19.159.224

  • 8.8.8.8:53
    net.geo.opera.com
    dns
    Solara New Bootstrapper_44132212.exe
    63 B
    116 B
    1
    1

    DNS Request

    net.geo.opera.com

    DNS Response

    185.26.182.111
    185.26.182.112

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    074df4405dec87cdaee625f963f67ec7

    SHA1

    c4dd6724bd57d82bf64ea822c25ff0cfaf321aa6

    SHA256

    fa5f90951cebe03a9aa21af72e600757cf129d283b36a998155946940b794c49

    SHA512

    ddb54dfbeedb88711b88465d5899ff7c117b605b2ddc7218f21d67faa8a6c11ad66c3bb8bceb63244ccf9bdab9a24a5216721053b6059eaef29e0448172057ad

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fd0f87ecf8f8055b86bf10a3f4f54a54

    SHA1

    3a91bb0baddae437bf60662c134cda5cb85495a5

    SHA256

    c3deb5c097ca444683508ea23cc9e4138b121f15a4c38b9515185fa4030ca9a0

    SHA512

    c8dde0a65c1b22763a50ba0b915e8714eb8b7fc019f3a47ee7a22647d5a94ba691c7862b01d0b1cbcfc4332eec4675ff871c6b63cb43938d33367ea9a1a2924c

  • C:\Users\Admin\AppData\Local\Temp\CabE4F2.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarE515.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.LastScreen.dll

    Filesize

    57KB

    MD5

    6e001f8d0ee4f09a6673a9e8168836b6

    SHA1

    334ad3cf0e4e3c03415a4907b2d6cf7ba4cbcd38

    SHA256

    6a30f9c604c4012d1d2e1ba075213c378afb1bfcb94276de7995ed7bbf492859

    SHA512

    0eff2e6d3ad75abf801c2ab48b62bc93ebc5a128d2e03e507e6e5665ff9a2ab58a9d82ca71195073b971f8c473f339baffdd23694084eaaff321331b5faaecf6

  • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.dll

    Filesize

    117KB

    MD5

    08112f27dcd8f1d779231a7a3e944cb1

    SHA1

    39a98a95feb1b6295ad762e22aa47854f57c226f

    SHA256

    11c6a8470a3f2b2be9b8cafe5f9a0afce7303bfd02ab783a0f0ee09a184649fa

    SHA512

    afd0c7df58b63c7cfdbedea7169a1617f2ac4bad07347f8ed7757a25ab0719489d93272109b73a1b53e9c5997dedad8da89da7b339d30fc2573ca2f76c630ddb

  • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2ODAL.dll

    Filesize

    15KB

    MD5

    422be1a0c08185b107050fcf32f8fa40

    SHA1

    c8746a8dad7b4bf18380207b0c7c848362567a92

    SHA256

    723aea78755292d2f4f87ad100a99b37bef951b6b40b62e2e2bbd4df3346d528

    SHA512

    dff51c890cb395665839070d37170d321dc0800981a42f173c6ea570684460146b4936af9d8567a6089bef3a7802ac4931c14031827689ef345ea384ceb47599

  • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OModels.dll

    Filesize

    75KB


  • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OResources.dll

    Filesize

    19KB


  • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OServices.dll

    Filesize

    160KB


  • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OUtilities.dll

    Filesize

    119KB


  • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OViewModels.dll

    Filesize

    8KB


  • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\MyDownloader.Core.dll

    Filesize

    56KB


  • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Ninject.dll

    Filesize

    133KB


  • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferSDK.dll

    Filesize

    172KB


  • C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\OfferPage.html

    Filesize

    1KB


  • C:\Users\Admin\AppData\Local\setup44132212.exe

    Filesize

    3.8MB


  • \Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OCommonResources.dll

    Filesize

    5.7MB


  • \Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\HtmlAgilityPack.dll

    Filesize

    154KB


  • \Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\MyDownloader.Extension.dll

    Filesize

    168KB


  • \Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Newtonsoft.Json.dll

    Filesize

    541KB


  • \Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\SciterWrapper.dll

    Filesize

    134KB


  • \Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.Net.dll

    Filesize

    101KB


  • \Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.dll

    Filesize

    151KB


  • \Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\msvcp140.dll

    Filesize

    426KB


  • \Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\sciter32.dll

    Filesize

    5.6MB


  • \Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\vcruntime140.dll

    Filesize

    74KB

