Analysis

  • max time kernel
    149s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    05/11/2024, 02:37 UTC

General

  • Target

    infected/Furk Ultra_10298.exe

  • Size

    8.7MB

  • MD5

    98194b1fd3ceea50438976b40ea59d05

  • SHA1

    ed918fbb5765aa91e5c9d2c492ec00667478ac35

  • SHA256

    3e091df4051e6b0859c2142a0869a415e5968c20edb5e9a60fcd077f7b61be19

  • SHA512

    9587acb23ee51e4743c5399b78b64f2a0e87e2413cd56e220df8c08ebe0f352ac0ca83c1826f09718876a6248057e9cbac0f38ee725de83b4ca7de4f805f30bf

  • SSDEEP

    196608:wu6nOE62LOa8ewFCrqNeuUG59Fa9FVDNWXVkHo/ly:MOb2C6wFCrqNZ529PDNs2Ho/k

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 15 IoCs
  • Checks for any installed AV software in registry 1 TTPs 8 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies system certificate store 2 TTPs 8 IoCs
  • Suspicious behavior: EnumeratesProcesses 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\infected\Furk Ultra_10298.exe
    "C:\Users\Admin\AppData\Local\Temp\infected\Furk Ultra_10298.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2288
    • C:\Users\Admin\AppData\Local\setup10298.exe
      C:\Users\Admin\AppData\Local\setup10298.exe hhwnd=458860 hreturntoinstaller hextras=id:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>404 &mdash; Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <meta name="description" content="Sorry- page not found"/> <style type="text/css"> body {font-size:14px; color:#777777; font-family:arial; text-align:center;} h1 {font-size:180px; color:#99A7AF; margin: 70px 0 0 0;} h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3px 0 39px;} p {width:320px; text-align:center; margin-left:auto;margin-right:auto; margin-top: 30px } div {width:320px; text-align:center; margin-left:auto;margin-right:auto;} a:link {color: #34536A;} a:visited {color: #34536A;} a:active {color: #34536A;} a:hover {color: #34536A;} </style> </head> <body> <p><a href="http://dlsft.com/">dlsft.com</a></p> <h1>404</h1> <h2>Page Not Found</h2> <div> It seems that the page you were trying to reach does not exist anymore-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>404 &mdash; Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <meta name="description" content="Sorry, page not found"/> <style type="text/css"> body {font-size:14px; color:#777777; font-family:arial; text-align:center;} h1 {font-size:180px; color:#99A7AF; margin: 70px 0 0 0;} h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3px 0 39px;} p {width:320px; text-align:center; margin-left:auto;margin-right:auto; margin-top: 30px } div {width:320px; text-align:center; margin-left:auto;margin-right:auto;} a:link {color: #34536A;} 
a:visited {color: #34536A;} a:active {color: #34536A;} a:hover {color: #34536A;} </style> </head> <body> <p><a href="http://dlsft.com/">dlsft.com</a></p> <h1>404</h1> <h2>Page Not Found</h2> <div> It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved. You can start again from the <a href="http://dlsft.com/">home</a> or go back to <a href="javascript:%20history.go(-1)">previous page</a>. </div> </body> </html>
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3460
      • C:\Users\Admin\AppData\Local\Temp\7zS48D9EEA7\GenericSetup.exe
        .\GenericSetup.exe hhwnd=458860 hreturntoinstaller hextras=id:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>404 &mdash; Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <meta name="description" content="Sorry- page not found"/> <style type="text/css"> body {font-size:14px; color:#777777; font-family:arial; text-align:center;} h1 {font-size:180px; color:#99A7AF; margin: 70px 0 0 0;} h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3px 0 39px;} p {width:320px; text-align:center; margin-left:auto;margin-right:auto; margin-top: 30px } div {width:320px; text-align:center; margin-left:auto;margin-right:auto;} a:link {color: #34536A;} a:visited {color: #34536A;} a:active {color: #34536A;} a:hover {color: #34536A;} </style> </head> <body> <p><a href="http://dlsft.com/">dlsft.com</a></p> <h1>404</h1> <h2>Page Not Found</h2> <div> It seems that the page you were trying to reach does not exist anymore-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>404 &mdash; Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <meta name="description" content="Sorry, page not found"/> <style type="text/css"> body {font-size:14px; color:#777777; font-family:arial; text-align:center;} h1 {font-size:180px; color:#99A7AF; margin: 70px 0 0 0;} h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3px 0 39px;} p {width:320px; text-align:center; margin-left:auto;margin-right:auto; margin-top: 30px } div {width:320px; text-align:center; margin-left:auto;margin-right:auto;} a:link {color: #34536A;} a:visited {color: #34536A;} 
a:active {color: #34536A;} a:hover {color: #34536A;} </style> </head> <body> <p><a href="http://dlsft.com/">dlsft.com</a></p> <h1>404</h1> <h2>Page Not Found</h2> <div> It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved. You can start again from the <a href="http://dlsft.com/">home</a> or go back to <a href="javascript:%20history.go(-1)">previous page</a>. </div> </body> </html>
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks for any installed AV software in registry
        • System Location Discovery: System Language Discovery
        • Modifies system certificate store
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:1616

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    149.220.183.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    149.220.183.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.ax-0001.ax-msedge.net
    g-bing-com.ax-0001.ax-msedge.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    68.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    68.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    www.dlsft.com
    Furk Ultra_10298.exe
    Remote address:
    8.8.8.8:53
    Request
    www.dlsft.com
    IN A
    Response
    www.dlsft.com
    IN CNAME
    dlsft.com
    dlsft.com
    IN A
    35.190.60.70
  • flag-us
    DNS
    28.118.140.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    28.118.140.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    GET
    https://www.dlsft.com/callback/geo/geo.php
    Furk Ultra_10298.exe
    Remote address:
    35.190.60.70:443
    Request
    GET /callback/geo/geo.php HTTP/1.1
    User-Agent: Mozilla/5.0
    Host: www.dlsft.com
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Tue, 05 Nov 2024 02:39:09 GMT
    Content-Type: text/html
    Content-Length: 1402
    Last-Modified: Fri, 23 Mar 2018 22:36:15 GMT
    ETag: "57a-5681c0d5965b4"
    Accept-Ranges: bytes
    Via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://www.dlsft.com/callback/info.php?id=10298
    Furk Ultra_10298.exe
    Remote address:
    35.190.60.70:443
    Request
    GET /callback/info.php?id=10298 HTTP/1.1
    User-Agent: Mozilla/5.0
    Host: www.dlsft.com
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Tue, 05 Nov 2024 02:39:09 GMT
    Content-Type: text/html
    Content-Length: 1402
    Last-Modified: Fri, 23 Mar 2018 22:36:15 GMT
    ETag: "57a-5681c0d5965b4"
    Accept-Ranges: bytes
    Via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    c.pki.goog
    Furk Ultra_10298.exe
    Remote address:
    8.8.8.8:53
    Request
    c.pki.goog
    IN A
    Response
    c.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    142.250.187.227
  • flag-gb
    GET
    http://c.pki.goog/r/r1.crl
    Furk Ultra_10298.exe
    Remote address:
    142.250.187.227:80
    Request
    GET /r/r1.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 854
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Tue, 05 Nov 2024 02:24:57 GMT
    Expires: Tue, 05 Nov 2024 03:14:57 GMT
    Cache-Control: public, max-age=3000
    Age: 852
    Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • flag-us
    DNS
    o.pki.goog
    Furk Ultra_10298.exe
    Remote address:
    8.8.8.8:53
    Request
    o.pki.goog
    IN A
    Response
    o.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    142.250.187.227
  • flag-gb
    GET
    http://o.pki.goog/s/wr3/P5k/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSq0i5t2Pafi2Gw9uzwnc7KTctWgQUx4H1%2FY6I2QA8TWOiUDEkoM4j%2FiMCED%2BZ8T58jUdVEjMJ%2F%2B4wrmA%3D
    Furk Ultra_10298.exe
    Remote address:
    142.250.187.227:80
    Request
    GET /s/wr3/P5k/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSq0i5t2Pafi2Gw9uzwnc7KTctWgQUx4H1%2FY6I2QA8TWOiUDEkoM4j%2FiMCED%2BZ8T58jUdVEjMJ%2F%2B4wrmA%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: o.pki.goog
    Response
    HTTP/1.1 200 OK
    Content-Security-Policy-Report-Only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/sytroprc:52:0
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to=coop_reporting
    Report-To: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/sytroprc:52:0"}],}
    Server: scaffolding on HTTPServer2
    Content-Length: 471
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Date: Tue, 05 Nov 2024 01:32:12 GMT
    Cache-Control: public, max-age=14400
    Content-Type: application/ocsp-response
    Age: 4017
  • flag-us
    DNS
    70.60.190.35.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    70.60.190.35.in-addr.arpa
    IN PTR
    Response
    70.60.190.35.in-addr.arpa
    IN PTR
    706019035bcgoogleusercontentcom
  • flag-us
    DNS
    227.212.58.216.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    227.212.58.216.in-addr.arpa
    IN PTR
    Response
    227.212.58.216.in-addr.arpa
    IN PTR
    ams16s22-in-f31e100net
    227.212.58.216.in-addr.arpa
    IN PTR
    lhr25s28-in-f3
    227.212.58.216.in-addr.arpa
    IN PTR
    ams16s22-in-f227
  • flag-us
    DNS
    227.187.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    227.187.250.142.in-addr.arpa
    IN PTR
    Response
    227.187.250.142.in-addr.arpa
    IN PTR
    lhr25s34-in-f31e100net
  • flag-us
    DNS
    57.169.31.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    57.169.31.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    www.google.com
    GenericSetup.exe
    Remote address:
    8.8.8.8:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    142.250.180.4
  • flag-us
    DNS
    www.google.com
    GenericSetup.exe
    Remote address:
    8.8.8.8:53
    Request
    www.google.com
    IN A
  • flag-us
    DNS
    www.google.com
    GenericSetup.exe
    Remote address:
    8.8.8.8:53
    Request
    www.google.com
    IN A
  • flag-us
    DNS
    dlsft.com
    Furk Ultra_10298.exe
    Remote address:
    8.8.8.8:53
    Request
    dlsft.com
    IN A
    Response
    dlsft.com
    IN A
    35.190.60.70
  • flag-us
    DNS
    155.170.19.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    155.170.19.2.in-addr.arpa
    IN PTR
    Response
    155.170.19.2.in-addr.arpa
    IN PTR
    a2-19-170-155deploystaticakamaitechnologiescom
  • flag-us
    GET
    http://dlsft.com/callback/info.php?id=10298
    Furk Ultra_10298.exe
    Remote address:
    35.190.60.70:80
    Request
    GET /callback/info.php?id=10298 HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: sciter 4.3.0.0; Windows-8; www.sciter.com)
    Host: dlsft.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Tue, 05 Nov 2024 02:39:12 GMT
    Content-Type: text/html
    Last-Modified: Fri, 23 Mar 2018 22:36:15 GMT
    ETag: W/"57a-5681c0d5965b4"
    Content-Encoding: gzip
    Via: 1.1 google
    Transfer-Encoding: chunked
  • flag-us
    POST
    http://dlsft.com/callback/geo/geo.php
    Furk Ultra_10298.exe
    Remote address:
    35.190.60.70:80
    Request
    POST /callback/geo/geo.php HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    Content-Type: application/x-www-form-urlencoded;charset=utf-8
    User-Agent: sciter 4.3.0.0; Windows-8; www.sciter.com)
    Host: dlsft.com
    Content-Length: 0
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Tue, 05 Nov 2024 02:39:12 GMT
    Content-Type: text/html
    Last-Modified: Fri, 23 Mar 2018 22:36:15 GMT
    ETag: W/"57a-5681c0d5965b4"
    Content-Encoding: gzip
    Via: 1.1 google
    Transfer-Encoding: chunked
  • flag-us
    GET
    http://dlsft.com/callback/offers.php
    Furk Ultra_10298.exe
    Remote address:
    35.190.60.70:80
    Request
    GET /callback/offers.php HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: sciter 4.3.0.0; Windows-8; www.sciter.com)
    Host: dlsft.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Tue, 05 Nov 2024 02:39:12 GMT
    Content-Type: text/html
    Last-Modified: Fri, 23 Mar 2018 22:36:15 GMT
    ETag: W/"57a-5681c0d5965b4"
    Content-Encoding: gzip
    Via: 1.1 google
    Transfer-Encoding: chunked
  • flag-us
    DNS
    flow.lavasoft.com
    GenericSetup.exe
    Remote address:
    8.8.8.8:53
    Request
    flow.lavasoft.com
    IN A
    Response
    flow.lavasoft.com
    IN A
    104.16.148.130
    flow.lavasoft.com
    IN A
    104.16.149.130
  • flag-us
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleInstallStart
    GenericSetup.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=BundleInstallStart HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/6.9.0.0)
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 40f64855-dad7-4d3f-ba16-dccb63c727d7
    Content-Length: 3612
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Tue, 05 Nov 2024 02:39:15 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8dd978e5af3363d2-LHR
  • flag-us
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleProposedOffers
    GenericSetup.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=BundleProposedOffers HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/6.9.0.0)
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 40f64855-dad7-4d3f-ba16-dccb63c727d7
    Content-Length: 18738
    Response
    HTTP/1.1 200 OK
    Date: Tue, 05 Nov 2024 02:39:16 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8dd978ec39eb63d2-LHR
  • flag-us
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleOfferRejected
    GenericSetup.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=BundleOfferRejected HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/6.9.0.0)
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 40f64855-dad7-4d3f-ba16-dccb63c727d7
    Content-Length: 467
    Response
    HTTP/1.1 200 OK
    Date: Tue, 05 Nov 2024 02:39:16 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8dd978edba9b63d2-LHR
  • flag-us
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleOfferRejected
    GenericSetup.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=BundleOfferRejected HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/6.9.0.0)
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 40f64855-dad7-4d3f-ba16-dccb63c727d7
    Content-Length: 455
    Response
    HTTP/1.1 200 OK
    Date: Tue, 05 Nov 2024 02:39:16 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8dd978eeeb1c63d2-LHR
  • flag-us
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleOfferRejected
    GenericSetup.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=BundleOfferRejected HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/6.9.0.0)
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 40f64855-dad7-4d3f-ba16-dccb63c727d7
    Content-Length: 457
    Response
    HTTP/1.1 200 OK
    Date: Tue, 05 Nov 2024 02:39:16 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8dd978effbaf63d2-LHR
  • flag-us
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived
    GenericSetup.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/6.9.0.0)
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 40f64855-dad7-4d3f-ba16-dccb63c727d7
    Content-Length: 404
    Response
    HTTP/1.1 200 OK
    Date: Tue, 05 Nov 2024 02:39:16 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8dd978f11c3663d2-LHR
  • flag-us
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived
    GenericSetup.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/6.9.0.0)
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 40f64855-dad7-4d3f-ba16-dccb63c727d7
    Content-Length: 432
    Response
    HTTP/1.1 200 OK
    Date: Tue, 05 Nov 2024 02:39:16 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8dd978f24ca363d2-LHR
  • flag-us
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived
    GenericSetup.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/6.9.0.0)
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 40f64855-dad7-4d3f-ba16-dccb63c727d7
    Content-Length: 408
    Response
    HTTP/1.1 200 OK
    Date: Tue, 05 Nov 2024 02:39:17 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8dd978f35d0e63d2-LHR
  • flag-us
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived
    GenericSetup.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/6.9.0.0)
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 40f64855-dad7-4d3f-ba16-dccb63c727d7
    Content-Length: 419
    Response
    HTTP/1.1 200 OK
    Date: Tue, 05 Nov 2024 02:39:17 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8dd978f47d8a63d2-LHR
  • flag-us
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived
    GenericSetup.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/6.9.0.0)
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 40f64855-dad7-4d3f-ba16-dccb63c727d7
    Content-Length: 432
    Response
    HTTP/1.1 200 OK
    Date: Tue, 05 Nov 2024 02:39:17 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8dd978f59e0163d2-LHR
  • flag-us
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleOffersApproved
    GenericSetup.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=BundleOffersApproved HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/6.9.0.0)
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 40f64855-dad7-4d3f-ba16-dccb63c727d7
    Content-Length: 1076
    Response
    HTTP/1.1 200 OK
    Date: Tue, 05 Nov 2024 02:39:17 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8dd978f6de8763d2-LHR
  • flag-us
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferPageShowDelay
    GenericSetup.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=OfferPageShowDelay HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/6.9.0.0)
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 40f64855-dad7-4d3f-ba16-dccb63c727d7
    Content-Length: 340
    Response
    HTTP/1.1 200 OK
    Date: Tue, 05 Nov 2024 02:39:17 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8dd978f7ff0163d2-LHR
  • flag-us
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=PostbackRequest
    GenericSetup.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=PostbackRequest HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/6.9.0.0)
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 40f64855-dad7-4d3f-ba16-dccb63c727d7
    Content-Length: 325
    Response
    HTTP/1.1 200 OK
    Date: Tue, 05 Nov 2024 02:39:18 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8dd978f92f8e63d2-LHR
  • flag-us
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferShown
    GenericSetup.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=OfferShown HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/6.9.0.0)
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 40f64855-dad7-4d3f-ba16-dccb63c727d7
    Content-Length: 461
    Response
    HTTP/1.1 200 OK
    Date: Tue, 05 Nov 2024 02:39:18 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8dd978fa982063d2-LHR
  • flag-us
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=PageShown
    GenericSetup.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=PageShown HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/6.9.0.0)
    Content-Type: application/json;charset=utf-8
    Host: flow.lavasoft.com
    installid: 40f64855-dad7-4d3f-ba16-dccb63c727d7
    Content-Length: 266
    Response
    HTTP/1.1 200 OK
    Date: Tue, 05 Nov 2024 02:39:36 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
    Access-Control-Expose-Headers: Content-Length,Content-Range
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8dd9796e0f7e63d2-LHR
  • DNS (US)
    sos.adaware.com
    GenericSetup.exe
    Remote address:
    8.8.8.8:53
    Request
    sos.adaware.com
    IN A
    Response
    sos.adaware.com
    IN A
    104.16.212.94
    sos.adaware.com
    IN A
    104.16.213.94
  • DNS (US)
    130.148.16.104.in-addr.arpa
    GenericSetup.exe
    Remote address:
    8.8.8.8:53
    Request
    130.148.16.104.in-addr.arpa
    IN PTR
    Response
  • POST (US)
    https://sos.adaware.com/v1/bundle/list?bundleId=DT001
    GenericSetup.exe
    Remote address:
    104.16.212.94:443
    Request
    POST /v1/bundle/list?bundleId=DT001 HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/6.9.0.0)
    installid: 40f64855-dad7-4d3f-ba16-dccb63c727d7
    Content-Type: application/json;charset=utf-8
    Host: sos.adaware.com
    Content-Length: 342
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Tue, 05 Nov 2024 02:39:15 GMT
    Content-Type: application/json
    Content-Length: 28218
    Connection: keep-alive
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 8dd978e6d86a639d-LHR
  • GET (US)
    https://sos.adaware.com/v1/offer/detail?_id=574e67ffa35da5479ff8e7d0a60990fb5dedbf5c
    GenericSetup.exe
    Remote address:
    104.16.212.94:443
    Request
    GET /v1/offer/detail?_id=574e67ffa35da5479ff8e7d0a60990fb5dedbf5c HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/6.9.0.0)
    installid: 40f64855-dad7-4d3f-ba16-dccb63c727d7
    Host: sos.adaware.com
    Response
    HTTP/1.1 200 OK
    Date: Tue, 05 Nov 2024 02:39:15 GMT
    Content-Type: application/json
    Content-Length: 6529
    Connection: keep-alive
    Last-Modified: Tue, 05 Nov 2024 02:35:36 GMT
    CF-Cache-Status: HIT
    Age: 219
    Expires: Tue, 05 Nov 2024 03:09:15 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Server: cloudflare
    CF-RAY: 8dd978ec5bab639d-LHR
  • GET (US)
    https://sos.adaware.com/v1/offer/detail?_id=dbd004e0057c583d45a95f18ed713e7ef45ef93e
    GenericSetup.exe
    Remote address:
    104.16.212.94:443
    Request
    GET /v1/offer/detail?_id=dbd004e0057c583d45a95f18ed713e7ef45ef93e HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/6.9.0.0)
    installid: 40f64855-dad7-4d3f-ba16-dccb63c727d7
    Host: sos.adaware.com
    Response
    HTTP/1.1 200 OK
    Date: Tue, 05 Nov 2024 02:39:16 GMT
    Content-Type: application/json
    Content-Length: 41861
    Connection: keep-alive
    Last-Modified: Tue, 05 Nov 2024 02:39:16 GMT
    CF-Cache-Status: EXPIRED
    Expires: Tue, 05 Nov 2024 03:09:16 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Server: cloudflare
    CF-RAY: 8dd978ecebf9639d-LHR
  • DNS (US)
    94.212.16.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    94.212.16.104.in-addr.arpa
    IN PTR
    Response
  • GET (US)
    https://sos.adaware.com/v1/offer/detail?_id=66ea60db7fa8abecde6953c3c02b33c1dce8e8c6
    GenericSetup.exe
    Remote address:
    104.16.212.94:443
    Request
    GET /v1/offer/detail?_id=66ea60db7fa8abecde6953c3c02b33c1dce8e8c6 HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/6.9.0.0)
    installid: 40f64855-dad7-4d3f-ba16-dccb63c727d7
    Host: sos.adaware.com
    Response
    HTTP/1.1 200 OK
    Date: Tue, 05 Nov 2024 02:39:16 GMT
    Content-Type: application/json
    Content-Length: 214674
    Connection: keep-alive
    Last-Modified: Tue, 05 Nov 2024 02:23:37 GMT
    CF-Cache-Status: HIT
    Expires: Tue, 05 Nov 2024 03:09:16 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Server: cloudflare
    CF-RAY: 8dd978ed1b02385c-LHR
  • GET (US)
    https://sos.adaware.com/v1/offer/detail?_id=2e689ead9de434c5ff65a06c4a89eb781f997d6b
    GenericSetup.exe
    Remote address:
    104.16.212.94:443
    Request
    GET /v1/offer/detail?_id=2e689ead9de434c5ff65a06c4a89eb781f997d6b HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/6.9.0.0)
    installid: 40f64855-dad7-4d3f-ba16-dccb63c727d7
    Host: sos.adaware.com
    Response
    HTTP/1.1 200 OK
    Date: Tue, 05 Nov 2024 02:39:16 GMT
    Content-Type: application/json
    Content-Length: 89846
    Connection: keep-alive
    Last-Modified: Tue, 05 Nov 2024 02:23:38 GMT
    CF-Cache-Status: HIT
    Age: 938
    Expires: Tue, 05 Nov 2024 03:09:16 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Server: cloudflare
    CF-RAY: 8dd978ef6c7a385c-LHR
  • GET (US)
    https://sos.adaware.com/v1/offer/detail?_id=98fb803d820deca6339be22b78181f5f0296f5df
    GenericSetup.exe
    Remote address:
    104.16.212.94:443
    Request
    GET /v1/offer/detail?_id=98fb803d820deca6339be22b78181f5f0296f5df HTTP/1.1
    User-Agent: .NET Framework (Microsoft Windows NT 10.0.19041.0; x64; H2O/6.9.0.0)
    installid: 40f64855-dad7-4d3f-ba16-dccb63c727d7
    Host: sos.adaware.com
    Response
    HTTP/1.1 200 OK
    Date: Tue, 05 Nov 2024 02:39:16 GMT
    Content-Type: application/json
    Content-Length: 218009
    Connection: keep-alive
    Last-Modified: Tue, 05 Nov 2024 02:21:57 GMT
    CF-Cache-Status: HIT
    Age: 1039
    Expires: Tue, 05 Nov 2024 03:09:16 GMT
    Cache-Control: public, max-age=1800
    Accept-Ranges: bytes
    Server: cloudflare
    CF-RAY: 8dd978efecc3385c-LHR
  • DNS (US)
    53.210.109.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    53.210.109.20.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    241.42.69.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.42.69.40.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    107.12.20.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    107.12.20.2.in-addr.arpa
    IN PTR
    Response
    107.12.20.2.in-addr.arpa
    IN PTR
    a2-20-12-107.deploy.static.akamaitechnologies.com
  • DNS (US)
    83.210.23.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    83.210.23.2.in-addr.arpa
    IN PTR
    Response
    83.210.23.2.in-addr.arpa
    IN PTR
    a2-23-210-83.deploy.static.akamaitechnologies.com
  • DNS (US)
    43.58.199.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.58.199.20.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    14.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    14.227.111.52.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    88.156.103.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.156.103.20.in-addr.arpa
    IN PTR
    Response
  • DNS (US)
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
  • GET (US)
    https://tse1.mm.bing.net/th?id=OADD2.10239340418534_1SATV94N425TECTRU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239340418534_1SATV94N425TECTRU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 473680
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 1A92634AABB847B499840CE3CABCAA9B Ref B: LON601060104011 Ref C: 2024-11-05T02:40:45Z
    date: Tue, 05 Nov 2024 02:40:45 GMT
  • GET (US)
    https://tse1.mm.bing.net/th?id=OADD2.10239317300931_116ZGE2JLLUHLMEDS&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239317300931_116ZGE2JLLUHLMEDS&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 470688
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 7ED0B5C0D76247FB857B14C08E3FC287 Ref B: LON601060104011 Ref C: 2024-11-05T02:40:45Z
    date: Tue, 05 Nov 2024 02:40:45 GMT
  • GET (US)
    https://tse1.mm.bing.net/th?id=OADD2.10239317301116_1M7A7DN1J7VJ6Q24K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239317301116_1M7A7DN1J7VJ6Q24K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 544117
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: F147B882621D4C74978D834F51C4F7A0 Ref B: LON601060104011 Ref C: 2024-11-05T02:40:45Z
    date: Tue, 05 Nov 2024 02:40:45 GMT
  • GET (US)
    https://tse1.mm.bing.net/th?id=OADD2.10239317301364_1Z8KBZ9IPN02ZTCGX&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239317301364_1Z8KBZ9IPN02ZTCGX&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 418910
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: EA2920AFEF9E46778279B23ACD9A2BDA Ref B: LON601060104011 Ref C: 2024-11-05T02:40:45Z
    date: Tue, 05 Nov 2024 02:40:45 GMT
  • GET (US)
    https://tse1.mm.bing.net/th?id=OADD2.10239340417880_1PRMSECURT9IUDN7Q&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239340417880_1PRMSECURT9IUDN7Q&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 502729
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 08187C3307064179A0DDCA12EA270A69 Ref B: LON601060104011 Ref C: 2024-11-05T02:40:45Z
    date: Tue, 05 Nov 2024 02:40:45 GMT
  • GET (US)
    https://tse1.mm.bing.net/th?id=OADD2.10239317301549_1BX85FTNXWTEEC6IG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239317301549_1BX85FTNXWTEEC6IG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 470059
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 3B39842E0C1E4AB59F73CFEE365531C1 Ref B: LON601060104011 Ref C: 2024-11-05T02:40:45Z
    date: Tue, 05 Nov 2024 02:40:45 GMT
  Connection summary (per entry: remote address, host or URL, protocols, owning process where the sandbox attributed one, then bytes sent, bytes received, packets sent, packets received; the HTTP Request/Response and DNS Request/Response lines that follow an entry are the transactions carried on that connection):
  • 150.171.28.10:443
    g.bing.com
    tls
    2.0kB
    9.4kB
    22
    20
  • 35.190.60.70:443
    https://www.dlsft.com/callback/info.php?id=10298
    tls, http
    Furk Ultra_10298.exe
    1.3kB
    8.8kB
    18
    15

    HTTP Request

    GET https://www.dlsft.com/callback/geo/geo.php

    HTTP Response

    404

    HTTP Request

    GET https://www.dlsft.com/callback/info.php?id=10298

    HTTP Response

    404
  • 142.250.187.227:80
    http://c.pki.goog/r/r1.crl
    http
    Furk Ultra_10298.exe
    395 B
    1.8kB
    6
    5

    HTTP Request

    GET http://c.pki.goog/r/r1.crl

    HTTP Response

    200
  • 142.250.187.227:80
    http://o.pki.goog/s/wr3/P5k/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSq0i5t2Pafi2Gw9uzwnc7KTctWgQUx4H1%2FY6I2QA8TWOiUDEkoM4j%2FiMCED%2BZ8T58jUdVEjMJ%2F%2B4wrmA%3D
    http
    Furk Ultra_10298.exe
    521 B
    1.3kB
    6
    4

    HTTP Request

    GET http://o.pki.goog/s/wr3/P5k/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSq0i5t2Pafi2Gw9uzwnc7KTctWgQUx4H1%2FY6I2QA8TWOiUDEkoM4j%2FiMCED%2BZ8T58jUdVEjMJ%2F%2B4wrmA%3D

    HTTP Response

    200
  • 35.190.60.70:80
    http://dlsft.com/callback/info.php?id=10298
    http
    Furk Ultra_10298.exe
    462 B
    1.1kB
    6
    4

    HTTP Request

    GET http://dlsft.com/callback/info.php?id=10298

    HTTP Response

    404
  • 35.190.60.70:80
    http://dlsft.com/callback/offers.php
    http
    Furk Ultra_10298.exe
    875 B
    2.2kB
    9
    7

    HTTP Request

    POST http://dlsft.com/callback/geo/geo.php

    HTTP Response

    404

    HTTP Request

    GET http://dlsft.com/callback/offers.php

    HTTP Response

    404
  • 104.16.148.130:443
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=PageShown
    tls, http
    GenericSetup.exe
    36.9kB
    14.7kB
    67
    73

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleInstallStart

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleProposedOffers

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleOfferRejected

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleOfferRejected

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleOfferRejected

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDetailsReceived

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleOffersApproved

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferPageShowDelay

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=PostbackRequest

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferShown

    HTTP Response

    200

    HTTP Request

    POST https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=PageShown

    HTTP Response

    200
  • 104.16.212.94:443
    https://sos.adaware.com/v1/offer/detail?_id=dbd004e0057c583d45a95f18ed713e7ef45ef93e
    tls, http
    GenericSetup.exe
    3.7kB
    85.3kB
    48
    84

    HTTP Request

    POST https://sos.adaware.com/v1/bundle/list?bundleId=DT001

    HTTP Response

    200

    HTTP Request

    GET https://sos.adaware.com/v1/offer/detail?_id=574e67ffa35da5479ff8e7d0a60990fb5dedbf5c

    HTTP Response

    200

    HTTP Request

    GET https://sos.adaware.com/v1/offer/detail?_id=dbd004e0057c583d45a95f18ed713e7ef45ef93e

    HTTP Response

    200
  • 104.16.212.94:443
    https://sos.adaware.com/v1/offer/detail?_id=98fb803d820deca6339be22b78181f5f0296f5df
    tls, http
    GenericSetup.exe
    11.2kB
    543.5kB
    217
    422

    HTTP Request

    GET https://sos.adaware.com/v1/offer/detail?_id=66ea60db7fa8abecde6953c3c02b33c1dce8e8c6

    HTTP Response

    200

    HTTP Request

    GET https://sos.adaware.com/v1/offer/detail?_id=2e689ead9de434c5ff65a06c4a89eb781f997d6b

    HTTP Response

    200

    HTTP Request

    GET https://sos.adaware.com/v1/offer/detail?_id=98fb803d820deca6339be22b78181f5f0296f5df

    HTTP Response

    200
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.28.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301549_1BX85FTNXWTEEC6IG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    104.9kB
    3.0MB
    2170
    2165

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418534_1SATV94N425TECTRU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317300931_116ZGE2JLLUHLMEDS&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301116_1M7A7DN1J7VJ6Q24K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301364_1Z8KBZ9IPN02ZTCGX&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340417880_1PRMSECURT9IUDN7Q&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301549_1BX85FTNXWTEEC6IG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
    90 B
    1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    149.220.183.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    149.220.183.52.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
    148 B
    1
    1

    DNS Request

    g.bing.com

    DNS Response

    150.171.28.10
    150.171.27.10

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    68.159.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    68.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    www.dlsft.com
    dns
    Furk Ultra_10298.exe
    59 B
    89 B
    1
    1

    DNS Request

    www.dlsft.com

    DNS Response

    35.190.60.70

  • 8.8.8.8:53
    28.118.140.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    28.118.140.52.in-addr.arpa

  • 8.8.8.8:53
    c.pki.goog
    dns
    Furk Ultra_10298.exe
    56 B
    107 B
    1
    1

    DNS Request

    c.pki.goog

    DNS Response

    142.250.187.227

  • 8.8.8.8:53
    o.pki.goog
    dns
    Furk Ultra_10298.exe
    56 B
    107 B
    1
    1

    DNS Request

    o.pki.goog

    DNS Response

    142.250.187.227

  • 8.8.8.8:53
    70.60.190.35.in-addr.arpa
    dns
    71 B
    122 B
    1
    1

    DNS Request

    70.60.190.35.in-addr.arpa

  • 8.8.8.8:53
    227.212.58.216.in-addr.arpa
    dns
    73 B
    171 B
    1
    1

    DNS Request

    227.212.58.216.in-addr.arpa

  • 8.8.8.8:53
    227.187.250.142.in-addr.arpa
    dns
    74 B
    112 B
    1
    1

    DNS Request

    227.187.250.142.in-addr.arpa

  • 8.8.8.8:53
    57.169.31.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    57.169.31.20.in-addr.arpa

  • 8.8.8.8:53
    www.google.com
    dns
    GenericSetup.exe
    180 B
    76 B
    3
    1

    DNS Request

    www.google.com

    DNS Request

    www.google.com

    DNS Request

    www.google.com

    DNS Response

    142.250.180.4

  • 8.8.8.8:53
    dlsft.com
    dns
    Furk Ultra_10298.exe
    55 B
    71 B
    1
    1

    DNS Request

    dlsft.com

    DNS Response

    35.190.60.70

  • 8.8.8.8:53
    155.170.19.2.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    155.170.19.2.in-addr.arpa

  • 8.8.8.8:53
    flow.lavasoft.com
    dns
    GenericSetup.exe
    63 B
    95 B
    1
    1

    DNS Request

    flow.lavasoft.com

    DNS Response

    104.16.148.130
    104.16.149.130

  • 8.8.8.8:53
    sos.adaware.com
    dns
    GenericSetup.exe
    134 B
    228 B
    2
    2

    DNS Request

    sos.adaware.com

    DNS Response

    104.16.212.94
    104.16.213.94

    DNS Request

    130.148.16.104.in-addr.arpa

  • 8.8.8.8:53
    94.212.16.104.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    94.212.16.104.in-addr.arpa

  • 8.8.8.8:53
    53.210.109.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    53.210.109.20.in-addr.arpa

  • 8.8.8.8:53
    241.42.69.40.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    241.42.69.40.in-addr.arpa

  • 8.8.8.8:53
    107.12.20.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    107.12.20.2.in-addr.arpa

  • 8.8.8.8:53
    83.210.23.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    83.210.23.2.in-addr.arpa

  • 8.8.8.8:53
    43.58.199.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    43.58.199.20.in-addr.arpa

  • 8.8.8.8:53
    14.227.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    14.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    88.156.103.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    88.156.103.20.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    170 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    150.171.28.10
    150.171.27.10
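
The per-request listing above is the raw material for hunting, but reading the installid header, the DNS answers and the bundler's event names out of it by hand does not scale. The Python below is an added example written for this page (it is not Triage's code and nothing like it ships with the sample): it parses that flattened layout into records and derives what an analyst wants from them: the installid tracking value GenericSetup.exe sends with every request, the Type= event names of the flow.lavasoft.com telemetry, and a block list of domains and IPs. It assumes only the layout visible on the page: a bullet opening each record (with the country-flag icon surviving as "flag-us" or "(US)"), then the kind, the target, an optional process name, "Remote address:", and the Request/Response blocks. The two sample records are copied from the listing; every function name is mine.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: two records copied from the report, in the page's own layout.
SAMPLE = """\
  • flag-us
    POST
    https://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferShown
    GenericSetup.exe
    Remote address:
    104.16.148.130:443
    Request
    POST /v1/event-stat/?ProductID=IS&Type=OfferShown HTTP/1.1
    installid: 40f64855-dad7-4d3f-ba16-dccb63c727d7
    Response
    HTTP/1.1 200 OK
  • flag-us
    DNS
    sos.adaware.com
    GenericSetup.exe
    Remote address:
    8.8.8.8:53
    Request
    sos.adaware.com
    IN A
    Response
    sos.adaware.com
    IN A
    104.16.212.94
"""
GEO = re.compile(r"^(flag-[a-z]{2}|\([A-Z]{2}\))$")  # flag-icon residue on the bullet line

def parse_trace(text):
    """One dict per bullet: kind (GET/POST/DNS), target (URL or queried name),
    process (None if unattributed), remote ("ip:port"), request/response lines."""
    records, rec, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("•"):                      # a new record starts
            rec = {"kind": None, "target": None, "process": None,
                   "remote": None, "request": [], "response": []}
            records.append(rec)
            section = "head"
            tokens = [t for t in line[1:].split() if not GEO.match(t)]
            if tokens:                                # kind may sit on the bullet line
                rec["kind"] = " ".join(tokens)
        elif not line or rec is None:
            continue
        elif section == "head":                       # kind, target, [process], marker
            if rec["kind"] is None:
                rec["kind"] = line
            elif rec["target"] is None:
                rec["target"] = line
            elif line == "Remote address:":
                section = "remote"
            elif line.lower().endswith(".exe"):
                rec["process"] = line
        elif section == "remote":
            rec["remote"], section = line, "body"
        elif line in ("Request", "Response"):
            section = line.lower()
        elif section in ("request", "response"):
            rec[section].append(line)
    return records

def header(rec, name):
    """Case-insensitive request-header lookup; request[0] is the request line."""
    for line in rec["request"][1:]:
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == name.lower():
            return value.strip()
    return None

def dns_answers(rec):
    """(name, type, value) triples from a DNS record's Response block."""
    lines = rec["response"]
    return [(lines[i], lines[i + 1].split()[-1], lines[i + 2])
            for i in range(0, len(lines) - 2, 3)]

def telemetry_events(records, marker="/event-stat/"):
    """Bundler event names, in report order, from each event-stat URL's Type=."""
    events = []
    for rec in records:
        if rec["kind"] != "DNS" and marker in (rec["target"] or ""):
            events += parse_qs(urlsplit(rec["target"]).query).get("Type", [])
    return events

def iocs(records):
    """Domains and IPs to block or hunt; reverse lookups and the resolver are skipped."""
    domains, ips = set(), set()
    for rec in records:
        if rec["kind"] == "DNS":
            if not (rec["target"] or "").endswith(".in-addr.arpa"):
                domains.add(rec["target"])
            ips.update(v for _, t, v in dns_answers(rec) if t == "A")
        elif (rec["target"] or "").startswith("http"):
            domains.add(urlsplit(rec["target"]).hostname)
            if rec["remote"]:                         # absent on connection-summary entries
                ips.add(rec["remote"].rsplit(":", 1)[0])
    return {"domains": sorted(domains), "ips": sorted(ips)}
```

Feed it the per-request listing only; the connection summary that follows repeats the same URLs in a different layout and would double-count the event-stat POSTs. On the full listing, collections.Counter(telemetry_events(recs)) gives the offer funnel the sample reported: BundleInstallStart, BundleProposedOffers, three BundleOfferRejected, five OfferDetailsReceived, BundleOffersApproved, OfferPageShowDelay, PostbackRequest, OfferShown and PageShown, all tagged with the same installid, which is what lets the operator tie every event back to one installation.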

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\7zS48D9EEA7\GenericSetup.LastScreen.dll

    Filesize

    31KB

    MD5

    3319432d3a694a481f5672fa9eb743d0

    SHA1

    99bff8f4941eb3cee3e0a7cb86b89eda1df07bf9

    SHA256

    768b4eb487e2dc8bcb8ec6221734ca69dce7f522d7640cc2a547f95296509693

    SHA512

    7f2a1c6c8d9d135b9e00e04f715c9b6b8ba12cb317f7b78ee3efbe3e426a99afce022306eb5bf02fe51c13857d3943b2b009b10b9cc96683e6bcbca1f9045c7f

  • C:\Users\Admin\AppData\Local\Temp\7zS48D9EEA7\GenericSetup.dll

    Filesize

    6.8MB

    MD5

    4d65e6eb25db2ce61f4a7a48d9f6082a

    SHA1

    130abbae19f227b0ef4f278e90398b3b3c7c2eff

    SHA256

    1e2e26d769d69f6b06cad2f2fec81a125e4f3d14aee969357784fb533d80b89a

    SHA512

    b0842b4fc07dd332c53f56f1337b32064dad7a15663397655b73061bf3d61b44ecdd47ed626b92e69383cfaa41a9c70d4a18ece79fdbab2daf1d06adb1be4bfb

  • C:\Users\Admin\AppData\Local\Temp\7zS48D9EEA7\GenericSetup.exe

    Filesize

    25KB

    MD5

    85b0a721491803f8f0208a1856241562

    SHA1

    90beb8d419b83bd76924826725a14c03b3e6533f

    SHA256

    18be33f7c9f28b0a514f3f40983f452f476470691b1be4f2aba5ba5e06c6a345

    SHA512

    8ff86e4b4d9cb5e2e88826a822457cb863262e3b73645c0c3309f13fb496997e53005ebe1825c6f92463c6642ec9abc6bbe359b35410b0621649b8d3aaf66c71

  • C:\Users\Admin\AppData\Local\Temp\7zS48D9EEA7\GenericSetup.exe.config

    Filesize

    814B

    MD5

    fd63ee3928edd99afc5bdf17e4f1e7b6

    SHA1

    1b40433b064215ea6c001332c2ffa093b1177875

    SHA256

    2a2ddbdc4600e829ad756fd5e84a79c0401fa846ad4f2f2fb235b410e82434a9

    SHA512

    1925cde90ee84db1e5c15fa774ee5f10fa368948df7643259b03599ad58cfce9d409fd2cd752ff4cbca60b4bbe92b184ff92a0c6e8b78849c4497d38266bd3b4

  • C:\Users\Admin\AppData\Local\Temp\7zS48D9EEA7\HtmlAgilityPack.dll

    Filesize

    149KB

    MD5

    7874850410e21b5f48bfe34174fb318c

    SHA1

    19522b1b9d932aa89df580c73ef629007ec32b6f

    SHA256

    c6250da15c349033de9b910c3dc10a156e47d69ec7e2076ce9011af7f3d885d1

    SHA512

    dad611ca9779b594aad7898261cc7ef0db500850eb81560c04d5d938ae4e2338e786773f63f59aab6564ad13acb4800f1862a2189803cc8cc8ad26a368f25eaa

  • C:\Users\Admin\AppData\Local\Temp\7zS48D9EEA7\MyDownloader.Core.dll

    Filesize

    56KB

    MD5

    f931e960cc4ed0d2f392376525ff44db

    SHA1

    1895aaa8f5b8314d8a4c5938d1405775d3837109

    SHA256

    1c1c5330ea35f518bf85fad69dc2da1a98a4dfeadbf6ac0ba0ac7cc51bbcc870

    SHA512

    7fa5e582ad1bb094cbbb68b1db301dcf360e180eb58f8d726a112133277ceaa39660c6d4b3248c19a8b5767a4ae09f4597535711d789ca4f9f334a204d87ffe0

  • C:\Users\Admin\AppData\Local\Temp\7zS48D9EEA7\MyDownloader.Extension.dll

    Filesize

    168KB

    MD5

    28f1996059e79df241388bd9f89cf0b1

    SHA1

    6ad6f7cde374686a42d9c0fcebadaf00adf21c76

    SHA256

    c3f8a46e81f16bbfc75de44dc95f0d145213c8af0006bb097950ac4d1562f5ce

    SHA512

    9654d451cb2f184548649aa04b902f5f6aff300c6f03b9261ee3be5405527b4f23862d8988f9811987da22e386813e844e7c5068fd6421c91551f5b33c625f29

  • C:\Users\Admin\AppData\Local\Temp\7zS48D9EEA7\Newtonsoft.Json.dll

    Filesize

    476KB

    MD5

    3c4d2f6fd240dc804e10bbb5f16c6182

    SHA1

    30d66e6a1ead9541133bad2c715c1971ae943196

    SHA256

    1f7a328eb4fa73df5d2996202f5dab02530b0339458137774c72731b9f85ca2e

    SHA512

    0657f0ab1d7fc9730d4bf6b8c8373f512d57a34063bcfa1f93a803b0afe2a93219da5dc679414dd155956bd696cb7547fc09663f8891eb9b03d9c93b3c1fe95d

  • C:\Users\Admin\AppData\Local\Temp\7zS48D9EEA7\Ninject.dll

    Filesize

    133KB

    MD5

    ce80365e2602b7cff0222e0db395428c

    SHA1

    50c9625eda1d156c9d7a672839e9faaea1dffdbd

    SHA256

    3475dd6f1612e984573276529d8147029d6bfa55d41bef2577b3aa601d2fbbe5

    SHA512

    5ea1de091a108143bb74fccdb4f0553f72613e58d8551fff51ce1aab34636c856758719dfa1a0e4cc833acb8e75729793dede65c4562e1aa3f68ec50463d36f3

  • C:\Users\Admin\AppData\Local\Temp\GenericSetup.exe_1730774350\Resources\OfferPage.html

    Filesize

    1KB

    MD5

    5f29b47126c45d119442ad3b896f74eb

    SHA1

    801a4e5b7d01f81c9c398b4d8d9a5f49e5269eef

    SHA256

    4e85074502c0267e04b324cdbb46df644e040513e94dd13c6625fb2e039c9a3f

    SHA512

    81ddcda6399365ad83689b14d22488137b88a80988eeed40ff1678fc387cb098227f520514a3d1a2a213efb4a8f435d87f40647bbe35a273c8d277d2c639c18e

  • C:\Users\Admin\AppData\Local\Temp\GenericSetup.exe_1730774350\sciter32.dll

    Filesize

    5.6MB

    MD5

    b431083586e39d018e19880ad1a5ce8f

    SHA1

    3bbf957ab534d845d485a8698accc0a40b63cedd

    SHA256

    b525fdcc32c5a359a7f5738a30eff0c6390734d8a2c987c62e14c619f99d406b

    SHA512

    7805a3464fcc3ac4ea1258e2412180c52f2af40a79b540348486c830a20c2bbed337bbf5f4a8926b3ef98c63c87747014f5b43c35f7ec4e7a3693b9dbd0ae67b

  • C:\Users\Admin\AppData\Local\setup10298.exe

    Filesize

    3.1MB

    MD5

    369acf60d8b5ed6168c74955ee04654f

    SHA1

    1753fff63efa6ed5ad30ede6b959261ac67dd13e

    SHA256

    3ff8ec8f9f27a27f414a90bfed5b7f5a3c118b33cf0f80aeb7026e0a53e26632

    SHA512

    2582b3b4525321fece978710403e4bd4dd6e9f0869de1fec784e4e79ac98e8c6498a601c9db45d5af4f1b99e3a2cc07b9e3ec18144e18ce82b41eb64ce4eb643

  • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-us\default.dic

    Filesize

    2B

    MD5

    f3b25701fe362ec84616a93a45ce9998

    SHA1

    d62636d8caec13f04e28442a0a6fa1afeb024bbb

    SHA256

    b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

    SHA512

    98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

  • memory/1616-70-0x00000000054F0000-0x000000000551C000-memory.dmp

    Filesize

    176KB

  • memory/1616-105-0x0000000007610000-0x00000000076A2000-memory.dmp

    Filesize

    584KB

  • memory/1616-75-0x0000000005A70000-0x0000000005A82000-memory.dmp

    Filesize

    72KB

  • memory/1616-66-0x0000000005440000-0x0000000005468000-memory.dmp

    Filesize

    160KB

  • memory/1616-90-0x0000000006C80000-0x0000000006CFC000-memory.dmp

    Filesize

    496KB

  • memory/1616-92-0x0000000006EB0000-0x0000000007204000-memory.dmp

    Filesize

    3.3MB

  • memory/1616-93-0x00000000078E0000-0x0000000007E84000-memory.dmp

    Filesize

    5.6MB

  • memory/1616-71-0x0000000005790000-0x00000000057F6000-memory.dmp

    Filesize

    408KB

  • memory/1616-62-0x0000000005AF0000-0x00000000061CA000-memory.dmp

    Filesize

    6.9MB

  • memory/1616-58-0x0000000001180000-0x000000000118C000-memory.dmp

    Filesize

    48KB

  • memory/1616-54-0x0000000000700000-0x000000000070A000-memory.dmp

    Filesize

    40KB

  • memory/1616-140-0x0000000008430000-0x000000000845E000-memory.dmp

    Filesize

    184KB

  • memory/1616-52-0x000000007159E000-0x000000007159F000-memory.dmp

    Filesize

    4KB

  • memory/1616-156-0x000000007159E000-0x000000007159F000-memory.dmp

    Filesize

    4KB
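The memory-dump artifacts above are named as memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp. The following Python script is an added example, not part of the Triage report or of the analysed sample: it decodes those names, recomputes each region's size from the address range, compares it with the Filesize field the report prints, and lists regions that were dumped more than once (here the 4KB region at 0x7159E000 appears at indices 52 and 156). Treating the first number as the PID of the dumped process and the second as the sequence in which dumps were taken is an assumption about the sandbox's naming; the page-alignment check assumes the regions are 4 KiB-granular Windows virtual memory ranges, which every entry above satisfies.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Artifact names in the report look like
#   memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp
# The first number is taken here to be the PID of the dumped process and the
# second a running index in the order the dumps were taken (assumption about
# the sandbox's naming, inferred from the entries listed in the report).
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


@dataclass(frozen=True)
class MemoryDump:
    pid: int
    index: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_dump_name(name: str) -> MemoryDump:
    """Decode one artifact name; reject anything that is not a well-formed dump name."""
    m = DUMP_RE.match(name.strip())
    if m is None:
        raise ValueError(f"not a memory dump artifact name: {name!r}")
    dump = MemoryDump(int(m["pid"]), int(m["idx"]),
                      int(m["start"], 16), int(m["end"], 16))
    # A dumped region must be non-empty and 4 KiB page-aligned (assumption: Windows VM ranges).
    if dump.end <= dump.start or dump.start % 0x1000 or dump.end % 0x1000:
        raise ValueError(f"not a page-aligned, non-empty region: {name!r}")
    return dump


def human_size(n: int) -> str:
    """Render a byte count the way the report's Filesize field does:
    whole KiB below 1 MiB, otherwise MiB to one decimal (printed as KB/MB)."""
    if n < 1024 * 1024:
        return f"{n // 1024}KB"
    return f"{n / (1024 * 1024):.1f}MB"


def check_sizes(entries):
    """entries: (artifact name, Filesize string) pairs as listed in the report.
    Returns the entries whose stated size disagrees with the address range."""
    mismatches = []
    for name, reported in entries:
        computed = human_size(parse_dump_name(name).size)
        if computed != reported:
            mismatches.append((name, reported, computed))
    return mismatches


def repeated_regions(entries):
    """Map (pid, start, end) -> sorted dump indices for regions dumped more than once."""
    seen = defaultdict(list)
    for name, _ in entries:
        d = parse_dump_name(name)
        seen[(d.pid, d.start, d.end)].append(d.index)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


# The memory-dump entries copied from the report section above (name, Filesize).
REPORT_DUMPS = [
    ("memory/1616-70-0x00000000054F0000-0x000000000551C000-memory.dmp", "176KB"),
    ("memory/1616-105-0x0000000007610000-0x00000000076A2000-memory.dmp", "584KB"),
    ("memory/1616-75-0x0000000005A70000-0x0000000005A82000-memory.dmp", "72KB"),
    ("memory/1616-66-0x0000000005440000-0x0000000005468000-memory.dmp", "160KB"),
    ("memory/1616-90-0x0000000006C80000-0x0000000006CFC000-memory.dmp", "496KB"),
    ("memory/1616-92-0x0000000006EB0000-0x0000000007204000-memory.dmp", "3.3MB"),
    ("memory/1616-93-0x00000000078E0000-0x0000000007E84000-memory.dmp", "5.6MB"),
    ("memory/1616-71-0x0000000005790000-0x00000000057F6000-memory.dmp", "408KB"),
    ("memory/1616-62-0x0000000005AF0000-0x00000000061CA000-memory.dmp", "6.9MB"),
    ("memory/1616-58-0x0000000001180000-0x000000000118C000-memory.dmp", "48KB"),
    ("memory/1616-54-0x0000000000700000-0x000000000070A000-memory.dmp", "40KB"),
    ("memory/1616-140-0x0000000008430000-0x000000000845E000-memory.dmp", "184KB"),
    ("memory/1616-52-0x000000007159E000-0x000000007159F000-memory.dmp", "4KB"),
    ("memory/1616-156-0x000000007159E000-0x000000007159F000-memory.dmp", "4KB"),
]

if __name__ == "__main__":
    # Print the dumps in the order they were taken, then the two consistency checks.
    for d in sorted((parse_dump_name(n) for n, _ in REPORT_DUMPS), key=lambda d: d.index):
        print(f"#{d.index:<4} pid {d.pid} {d.start:#012x}-{d.end:#012x} {human_size(d.size):>6}")
    print("size mismatches:", check_sizes(REPORT_DUMPS))
    print("regions dumped more than once:", repeated_regions(REPORT_DUMPS))
```

Running it against the entries above reports no size mismatches and one repeated region, (1616, 0x7159E000, 0x7159F000) at indices 52 and 156; sorting by index also shows that the 6.9MB region at 0x5AF0000 (index 62) was captured before the larger 5.6MB and 3.3MB regions (indices 92 and 93), which is the order in which the listing above does not present them.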

