c60b34cfebdb255e4e05bc896169254187b8f8e2d7d948f5af786e884a505d62

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 09:39 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20353573acf1ad6fd8f745bba13da7b0_JaffaCakes118.html
Size

36KB
MD5

20353573acf1ad6fd8f745bba13da7b0
SHA1

51763e21080af554be014dfc1da81a8e5ed6494f
SHA256

c60b34cfebdb255e4e05bc896169254187b8f8e2d7d948f5af786e884a505d62
SHA512

6f29c20a3572258c1c687304f7b09a8f899a972fe663d8966a28027b6d8919967cba65aaf944af5ae8f37170608f4c79c6fe0cf250a304c491eca0ab63bc0a63
SSDEEP

768:zwx/MDTHIS88hARRZPXcE1XnXrFLxNLlDNoPqkPTHlnkM3Gr6Tsdi6f9U56lLRcs:Q/HbJxNVpufS6/s8zK

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 38 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a5a63a0c51d9484a986f3e3d143f4e4e000000000200000000001066000000010000200000004b1ffe8f5b78971169abe2f7263cf0199cbcd023e779e60b66b6e0e247d7956f000000000e80000000020000200000001290d74a2bd95e3f29911ebadbef036ba1688f44ab5f2fd14a29c470bf31dc482000000037a1881872a3cb1f19a13adaa477f24321d6bb0a8a796bec67b21536d8bdc13b400000006454addc81183b1c33696c2ddac5c3c573d0017df0fd12a7bb23e1103df3c1aadd9a48ce5c9e64b3f28c6d4a4a75e89010c71a2938aeb18ca06dd54ed813493c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421236656"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a5a63a0c51d9484a986f3e3d143f4e4e000000000200000000001066000000010000200000002cd09df663ffdfe376a07073ecedc5fc247b8be548b262ea38c8434dd4f024ca000000000e8000000002000020000000699cd9e4eafd6c524baf226c03111756f11dc672feba208643ece49916f81d7d9000000009a0dd8d2952d8c0e274f092df81a6e9e89422e62e08e95587254528f9de7c64582655dad6d577abfb952067e58db54a10cff4fa54fea55c8c64f854a7a8f19c154099a5575cc3cf84fa22e874313040b7b5761b0a27165d008c4617bd1790f9bb641bc19ffc216e32f757ae6d33f052ba58538ac3895a75fe541a7dc5c42278ab6a92426c7c104609007087cbd86e124000000018fd2d8acf5d866fb34855a032d3e5671f36579f2a4f84d2a711e6bbd7140b100a4d5b430aac8bdc0cfab535138ae89502c386a94ef2336d0108792c9fbb7536	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5062fb9562a0da01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BEB5AED1-0C55-11EF-8221-D669B05BD432} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3048	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3048	iexplore.exe
3048	iexplore.exe
860	IEXPLORE.EXE
860	IEXPLORE.EXE
860	IEXPLORE.EXE
860	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 860	3048	iexplore.exe	28
PID 3048 wrote to memory of 860	3048	iexplore.exe	28
PID 3048 wrote to memory of 860	3048	iexplore.exe	28
PID 3048 wrote to memory of 860	3048	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\20353573acf1ad6fd8f745bba13da7b0_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:860

Network

DNS

coinhive.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

coinhive.com

IN A

Response

coinhive.com

IN A

172.67.165.117

coinhive.com

IN A

104.21.57.186
DNS

saltworld.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

saltworld.net

IN A

Response

saltworld.net

IN A

188.114.96.2

saltworld.net

IN A

188.114.97.2
DNS

www.gravatar.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.gravatar.com

IN A

Response

www.gravatar.com

IN A

192.0.73.2
GET

http://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:80

Request

GET /avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Tue, 07 May 2024 09:39:50 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png
GET

http://www.gravatar.com/avatar/6ab9cf9740f754d0565ec0f4b1250e8e?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:80

Request

GET /avatar/6ab9cf9740f754d0565ec0f4b1250e8e?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Tue, 07 May 2024 09:39:50 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.gravatar.com/avatar/6ab9cf9740f754d0565ec0f4b1250e8e?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png
GET

http://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:80

Request

GET /avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Tue, 07 May 2024 09:39:50 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png
GET

https://coinhive.com/lib/coinhive.min.js

IEXPLORE.EXE

Remote address:

172.67.165.117:443

Request

GET /lib/coinhive.min.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: coinhive.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Tue, 07 May 2024 09:39:51 GMT
Content-Type: application/x-javascript
Content-Length: 1115
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Encoding: gzip
ETag: "806233d282cfd71:0"
Last-Modified: Tue, 02 Nov 2021 00:44:41 GMT
Set-Cookie: ARRAffinity=0f60b0add9cb5787812ad43041e37f1a658566dfb27a2b04d44e3e12f2d4257d;Path=/;HttpOnly;Secure;Domain=coinhive.com
Set-Cookie: ARRAffinitySameSite=0f60b0add9cb5787812ad43041e37f1a658566dfb27a2b04d44e3e12f2d4257d;Path=/;HttpOnly;SameSite=None;Secure;Domain=coinhive.com
Vary: Accept-Encoding
X-Powered-By: ASP.NET
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VloDxMVwa1h5J8MABk4Br2684z%2F4P83S5DWhl7yVYjbNooB3RTAV88oCe4dYbgDlShPiNP7L1SOLA8fU7XlkeRJ%2B2c%2BsaO5eunN7%2FLTbIoeyuc7n%2FeR88ZuYgfN7230%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88003ec43c8b7318-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

IEXPLORE.EXE

Remote address:

188.114.96.2:80

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 07 May 2024 09:39:50 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ggj9g1JnR9dF4MraYwYjWZVVlrclXja7KEwFoUXihwj0WUesc4TKdrJ2m4uJVPXrHQ0DAbP2YwwxqrT4OT9ueYM%2BoJj6hlc5ip92WtUWuxrSvldjPqBH3Ii9jHBsBY9D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88003ebf5b8779c5-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/public/style_images/master/top.png

IEXPLORE.EXE

Remote address:

188.114.96.2:80

Request

GET /forums/public/style_images/master/top.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 07 May 2024 09:39:50 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/style_images/master/top.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FgzFkAejHLNjPuFz%2FPACL1oYiRAZLip3Od9UNnF8VTHaIDr9o2rIdXpRPuU1hTGjJkgUqOOEBUGp%2B%2BkNsUX8Ldh889IIYSuV7ku6MDEuhs5JkAsF9Cxf8pqPBESt0hQw"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88003ebfec5779c5-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

IEXPLORE.EXE

Remote address:

188.114.96.2:80

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 07 May 2024 09:39:50 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pfp2J8b2fIqBpNY5AzNOe0e%2Fc%2FsRi%2FG7060uuGhcaDsc4clNNsG9ZFVqoQGt3n5KZIKG24AlDxyWGj0%2BYeLZsigQuBxz0AR4llRYEpy5kfW%2F%2BnaZ8424tTuosO2q0T0A"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88003ebf5f5f653a-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

IEXPLORE.EXE

Remote address:

188.114.96.2:80

Request

GET /forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 07 May 2024 09:39:50 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UftwBvkfapgQMxVX9oG8GEXTUQ82irhumFBRs4tbEW3KY5ICWRS7FyybJB251l0TGMpZ7ktEMvXG9DDznpUY6TZi1zTCWSsp%2Fn6WlvhBgaME5rPKmJSoMzF2gduMwUAs"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88003ebfdfe2653a-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/public/style_images/master/useropts_arrow.png

IEXPLORE.EXE

Remote address:

188.114.96.2:80

Request

GET /forums/public/style_images/master/useropts_arrow.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 07 May 2024 09:39:50 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/style_images/master/useropts_arrow.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Np9aC%2Ffyo%2Bb%2BunIpYcJeo%2BLwvy%2FqkSVH2aIWWmKaQihfQIUE6xqkTk35Mc8yZNcKu42AmSZgh1kSqjiq8LiTHzle2Rkd%2FcOusUMXh9icv%2B%2FJIEoatQ9uO9EFzTmqU8%2Fc"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88003ebf5b363860-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/public/style_images/master/feed.png

IEXPLORE.EXE

Remote address:

188.114.96.2:80

Request

GET /forums/public/style_images/master/feed.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 07 May 2024 09:39:50 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/style_images/master/feed.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uBilYIrlgsVVAvO%2FmfvpC4czQpcZ8F9DqYp%2FuVTACICqcNekCa8j%2BwWVoni1BMWeW6xVGrhkkv%2FxKTkRKVxjZG3qkj9xlbtQRkzPoMUDjMumw0CzYfsjnu0tqmBEEycR"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88003ec00c343860-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

IEXPLORE.EXE

Remote address:

188.114.96.2:80

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 07 May 2024 09:39:50 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JDxs%2BPwdYVUk4FHZI7qKMd63NXwRrkAHD6xXQuMDmqAT5ptHU0JIfE%2BYN%2BESd%2BhhfqU4Eud6X5XcaKHX87Q73eA8gjPo0UhcMGsg5BvRDjgh%2B8uAsNiVGFmmhcujTd3V"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88003ebf5c98416a-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/uploads/profile/photo-44563.gif?_r=1448768805

IEXPLORE.EXE

Remote address:

188.114.96.2:80

Request

GET /forums/uploads/profile/photo-44563.gif?_r=1448768805 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 07 May 2024 09:39:50 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/uploads/profile/photo-44563.gif?_r=1448768805
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d8QKW6m%2Betk6la0QZBSMtK6%2BM7hMuvdSfGIze2WIrFfdfbjxvK3ZmzIgPlgpxqrz0tK6MI659MvtL2TTjSheNszfKeQ3N3OZJzdYOdF%2BLwLo2Ze60GTjoyvC%2F%2FTpWSTb"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88003ebf5e3f60f8-LHR
alt-svc: h3=":443"; ma=86400
GET

http://saltworld.net/forums/public/style_images/master/f_icon_read.png

IEXPLORE.EXE

Remote address:

188.114.96.2:80

Request

GET /forums/public/style_images/master/f_icon_read.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 07 May 2024 09:39:50 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://saltworld.net/forums/public/style_images/master/f_icon_read.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i1DqwZrjGKpiOq%2FRbtVNuGHwwWRu%2FI8ixOic07K7b1MmMifa0MKQlTtjfuT9EKArbDU9FTzP19LCZN5wf7gUtFFNVJHw3jRM9683WuS7zyEaQ%2BZHvT6ylMg%2BC3AkuCW9"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88003ebf5aa160f5-LHR
alt-svc: h3=":443"; ma=86400
GET

https://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:443

Request

GET /avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: nginx
Date: Tue, 07 May 2024 09:39:51 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT
Link: <https://gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png>; rel="canonical"
X-Redirect-By: WordPress
Location: http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png
Expires: Tue, 07 May 2024 09:44:51 GMT
Cache-Control: max-age=300
X-nc: HIT lhr 4
Alt-Svc: h3=":443"; ma=86400
GET

https://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:443

Request

GET /avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: nginx
Date: Tue, 07 May 2024 09:39:51 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT
Link: <https://gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png>; rel="canonical"
X-Redirect-By: WordPress
Location: http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png
Expires: Tue, 07 May 2024 09:44:51 GMT
Cache-Control: max-age=300
X-nc: HIT lhr 2
Alt-Svc: h3=":443"; ma=86400
GET

https://www.gravatar.com/avatar/6ab9cf9740f754d0565ec0f4b1250e8e?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

IEXPLORE.EXE

Remote address:

192.0.73.2:443

Request

GET /avatar/6ab9cf9740f754d0565ec0f4b1250e8e?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.gravatar.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Tue, 07 May 2024 09:39:51 GMT
Content-Type: image/png
Content-Length: 22655
Connection: keep-alive
Last-Modified: Tue, 22 Sep 2020 02:57:25 GMT
Link: <https://gravatar.com/avatar/6ab9cf9740f754d0565ec0f4b1250e8e?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png>; rel="canonical"
Content-Disposition: inline; filename="6ab9cf9740f754d0565ec0f4b1250e8e.png"
Access-Control-Allow-Origin: *
Expires: Tue, 07 May 2024 09:44:51 GMT
Cache-Control: max-age=300
X-nc: HIT lhr 3
Alt-Svc: h3=":443"; ma=86400
Accept-Ranges: bytes
GET

https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

IEXPLORE.EXE

Remote address:

188.114.96.2:443

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 07 May 2024 09:39:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K%2Fbrojzwsk1jPKnypJA0523OmylbRnkqwDaAhss1dIHhdtsuNwqkTiOoq9rh6ekLd6G%2FqeqvEPMV3Y88%2ByMHHG3oKKsg6Vf%2FTJcrnh%2B6WE%2FhN%2FT8DtPGOFrfN21p%2BfqD"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88003ec4ccbc069a-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

IEXPLORE.EXE

Remote address:

188.114.96.2:443

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 07 May 2024 09:39:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EhHmaRO5DGauH5%2BZUpgmFKLVsS6wEqojd340pS8ng%2BcClohFYfOv9MVX1ztQmbxD1YdFDpyWHAwkJXzTWZF7txcCQZuNj6N%2FvnpyevUqA5UZY%2F%2BYyv0cxpfcKp9KqvbG"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88003ec4a9ee63a8-LHR
alt-svc: h3=":443"; ma=86400
DNS

pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

pki.goog

IN A

Response

pki.goog

IN A

216.239.32.29
DNS

pki.goog

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

pki.goog

IN A

Response

pki.goog

IN A

216.239.32.29
GET

https://saltworld.net/forums/public/style_images/master/f_icon_read.png

IEXPLORE.EXE

Remote address:

188.114.96.2:443

Request

GET /forums/public/style_images/master/f_icon_read.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 07 May 2024 09:39:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/style_images/master/f_icon_read.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tRc3AREPba6NdZdNURhDrah6tVNcr7hdReRG7gtpoPa10GhCuOVZdiwAwbeM%2Fbwq3xitp4HuSROWXQSc26sgRNjLKB8ZpGCUtNIY4a4fNM3a41RIMc9di0F0XWusxi96"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88003ec45e649565-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/public/style_images/master/feed.png

IEXPLORE.EXE

Remote address:

188.114.96.2:443

Request

GET /forums/public/style_images/master/feed.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 07 May 2024 09:39:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/style_images/master/feed.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=36J8FtFJnONxzAJb2F2cyxYhAExivO36mkQTB%2FWlOF5m6e5H7mDT4OPAu2YqoiBeJFbuJJ7LmumP4FKUKWnppF4vIvWRRQgOUz0oM%2BJqfXnO1Hmvo58Vt%2B5H1TErP9xQ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88003ec4df4a9565-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/uploads/profile/photo-44563.gif?_r=1448768805

IEXPLORE.EXE

Remote address:

188.114.96.2:443

Request

GET /forums/uploads/profile/photo-44563.gif?_r=1448768805 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 07 May 2024 09:39:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/uploads/profile/photo-44563.gif?_r=1448768805
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MJcn%2FKotBuOzwF8RZOv79Q2JEdu30%2FeKmD0Qhcw%2FUZee2qWxxe1AQOOZSdxZ9ZY5aGV4JMPkz0in1tSssfsRQej3HEqSD9%2Fj8NEPZzvKmnpnYUocwS6NJdP1NWtOIt9S"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88003ec46be77767-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/public/style_images/master/useropts_arrow.png

IEXPLORE.EXE

Remote address:

188.114.96.2:443

Request

GET /forums/public/style_images/master/useropts_arrow.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 07 May 2024 09:39:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/style_images/master/useropts_arrow.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RHAl58eV%2FjFYAV3ndJCd8XNQoSWp3m97C0wddI6Yk3tZVrr%2Fdef4rL9bGF9DjQi%2F4%2BYy3hgA9mNzbUXfkad19fMh1CR5swMKJAb1rSxLcWlGcttN8PdidgwwJMtweumD"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88003ec43f7624d1-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

IEXPLORE.EXE

Remote address:

188.114.96.2:443

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 07 May 2024 09:39:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iNOHTrjUQikdgwteMVGk6%2FLGfvjr93LioaJAlEvfZntp4nMn%2BBvnnzS34xFCQMRzHZr1%2BWgwUR8GYhKnxBqJ0RJb5WM89%2Bdx9B35s0i7IwuXLeFZcwyFsUdyOGqKnFaJ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88003ec4bfd124d1-LHR
alt-svc: h3=":443"; ma=86400
GET

http://pki.goog/gsr1/gsr1.crt

IEXPLORE.EXE

Remote address:

216.239.32.29:80

Request

GET /gsr1/gsr1.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 889
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 07 May 2024 08:53:56 GMT
Expires: Tue, 07 May 2024 09:43:56 GMT
Cache-Control: public, max-age=3000
Age: 2754
Last-Modified: Wed, 20 May 2020 16:45:00 GMT
Content-Type: application/pkix-cert
Vary: Accept-Encoding
GET

http://pki.goog/gsr1/gsr1.crt

IEXPLORE.EXE

Remote address:

216.239.32.29:80

Request

GET /gsr1/gsr1.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 889
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 07 May 2024 08:53:56 GMT
Expires: Tue, 07 May 2024 09:43:56 GMT
Cache-Control: public, max-age=3000
Age: 2754
Last-Modified: Wed, 20 May 2020 16:45:00 GMT
Content-Type: application/pkix-cert
Vary: Accept-Encoding
GET

http://pki.goog/gsr1/gsr1.crt

IEXPLORE.EXE

Remote address:

216.239.32.29:80

Request

GET /gsr1/gsr1.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 889
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 07 May 2024 09:13:37 GMT
Expires: Tue, 07 May 2024 10:03:37 GMT
Cache-Control: public, max-age=3000
Age: 1573
Last-Modified: Wed, 20 May 2020 16:45:00 GMT
Content-Type: application/pkix-cert
Vary: Accept-Encoding
GET

http://pki.goog/gsr1/gsr1.crt

IEXPLORE.EXE

Remote address:

216.239.32.29:80

Request

GET /gsr1/gsr1.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 889
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 07 May 2024 08:53:56 GMT
Expires: Tue, 07 May 2024 09:43:56 GMT
Cache-Control: public, max-age=3000
Age: 2754
Last-Modified: Wed, 20 May 2020 16:45:00 GMT
Content-Type: application/pkix-cert
Vary: Accept-Encoding
GET

http://pki.goog/gsr1/gsr1.crt

IEXPLORE.EXE

Remote address:

216.239.32.29:80

Request

GET /gsr1/gsr1.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 889
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 07 May 2024 08:53:56 GMT
Expires: Tue, 07 May 2024 09:43:56 GMT
Cache-Control: public, max-age=3000
Age: 2754
Last-Modified: Wed, 20 May 2020 16:45:00 GMT
Content-Type: application/pkix-cert
Vary: Accept-Encoding
DNS

www.microsoft.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

2.16.233.202
DNS

www.microsoft.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

2.16.233.202
DNS

www.microsoft.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

2.16.233.202
DNS

www.microsoft.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

2.16.233.202
GET

https://saltworld.net/forums/public/style_images/master/top.png

IEXPLORE.EXE

Remote address:

188.114.96.2:443

Request

GET /forums/public/style_images/master/top.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 07 May 2024 09:39:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/public/style_images/master/top.png
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BUG1IWl8LtGnHkglzCKiMRVVfnFkXX79dcQ%2F8v8jJVzPYH%2BdViBU%2BWc5x91N3wRT4jMXdLLL7rtIfaPBYiGX%2Ba%2BvRapY8NrCSFWJjW8xiNPt%2F7uxdo5n5EcnGlRE2Xiv"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88003ec49bfc6358-LHR
alt-svc: h3=":443"; ma=86400
GET

https://saltworld.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

IEXPLORE.EXE

Remote address:

188.114.96.2:443

Request

GET /forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: saltworld.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Tue, 07 May 2024 09:39:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://gamingw.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e9khG7LUvUVIhzhYinatu8nDcQZwEAMTwhwONGL%2B2DXkgxZnkk0eAW%2BEqL6s9vmW3r9wDuMbzUwvaH5KZWp%2BOMYaz0eNLvrRIazZwjUxAqCMJSqQ9x6lwvKYhDIPpRWW"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88003ec4a9d29481-LHR
alt-svc: h3=":443"; ma=86400
DNS

gamingw.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

gamingw.net

IN A

Response

gamingw.net

IN A

172.67.160.162

gamingw.net

IN A

104.21.65.85
GET

https://gamingw.net/forums/public/style_images/master/f_icon_read.png

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/public/style_images/master/f_icon_read.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Tue, 07 May 2024 09:39:52 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FE6KdSiq7CJ9kGrYxkNQZ72d%2BpTrQYsMDSuwfrRMzJtCNe%2F5qelrmiBT%2Fb2%2BDdDphk7I3C%2BOTDR3hUBgp%2BMTkYbCrcBn86RWhwQqNAE5ff7mUQmUbkem0S6NnwPjZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88003ec5dbe4654a-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/public/style_images/master/useropts_arrow.png

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/public/style_images/master/useropts_arrow.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Tue, 07 May 2024 09:39:51 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 82
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BlyHQtXi7%2FHWiligCr4EmyOWmiVOyB0d7uwUzXeu7vhkIlkF9BAcLpIyxkj75UTR2fjO5fR0U5INRRw3T2DcZRTaYubh7eE5dUcuifdYNGWG7EvyBAv0EUwSFAYw7w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88003ec5da47413a-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Tue, 07 May 2024 09:39:52 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m7f%2FZ7H%2BDqj7BPjWFV3QgLWcTSU6pIm4eQ%2B8%2FVLQf%2BR4BoEwVIvJ6eVefZD7QO5vitGLzFJuOoBsKsCpwWvoQ7sUYJFuguGUc73sd%2BOIprhx5Eu7NA4wOr6HuD26bg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88003ec63aef413a-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/uploads/profile/photo-44563.gif?_r=1448768805

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/uploads/profile/photo-44563.gif?_r=1448768805 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Tue, 07 May 2024 09:39:51 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 32
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z8uBgfOAJbJ1TOL2fAkl1Qb%2FZARDCKFvbi5csgak2Fp8Awtp%2FK%2Fk9T7by4CKh%2BcJhYxjExNmWSbZkGBF47OBLtCAMeEK8kg4GFHilOaSl03XXerAPxu5F81YPC12jw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88003ec5e9876331-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Tue, 07 May 2024 09:39:52 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AaERwX2LyiSmIAlceqMXCLlHgLw%2BaLJy7jUt%2FJ76r5UfgCCC5FqeEQyv0oMQwO2ilyf2zdntVQYUdNmt02rfPwYa0MdUgRBLEGrmswkNevjqQDTX%2B834FeeWPlPdGw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88003ec63a2c6331-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Tue, 07 May 2024 09:39:52 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=golbLL9ts%2FUfCKIbQWx4GgqApmhDxpFncwkkiJxKPJkRFFP2Z9GMrGtuZO3Lfx0%2FGT7hsA50%2FlYdhTr5l9dbDkGOPDiUzBR05SODvt%2BUDrTbt%2FneB%2BxN3c%2FOpTn0rQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88003ec5f96a4165-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://gamingw.net/forums/public/style_images/master/top.png

IEXPLORE.EXE

Remote address:

172.67.160.162:443

Request

GET /forums/public/style_images/master/top.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gamingw.net
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Tue, 07 May 2024 09:39:52 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G7cZEakHuWAMWIccOd2ihyJAgnE3BA5ufFjkpyIxK%2BCqw%2B9KDgcOqZpUY%2Biyhl1L6PLtxhd%2Fye4mb1wl3%2FXtdx7TpTiLaY8%2BabxSihBGXEtUJ13mm2bifNksKURj1A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88003ec5f9fb9409-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
DNS

i1.wp.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

i1.wp.com

IN A

Response

i1.wp.com

IN A

192.0.77.2
GET

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

IEXPLORE.EXE

Remote address:

192.0.77.2:80

Request

GET /saltworld.net/forums/public/style_images/master/profile/default_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: i1.wp.com
Connection: Keep-Alive

Response

HTTP/1.1 404 File Not Found

Server: nginx
Date: Tue, 07 May 2024 09:39:54 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-nc: EXPIRED lhr 7
Alt-Svc: h3=":443"; ma=86400
GET

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

IEXPLORE.EXE

Remote address:

192.0.77.2:80

Request

GET /saltworld.net/forums/public/style_images/master/profile/default_large.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: i1.wp.com
Connection: Keep-Alive

Response

HTTP/1.1 404 File Not Found

Server: nginx
Date: Tue, 07 May 2024 09:39:51 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-nc: UPDATING lhr 7
Alt-Svc: h3=":443"; ma=86400
GET

http://www.google-analytics.com/ga.js

IEXPLORE.EXE

Remote address:

142.250.179.238:80

Request

GET /ga.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.google-analytics.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 17168
Date: Tue, 07 May 2024 09:20:28 GMT
Expires: Tue, 07 May 2024 11:20:28 GMT
Cache-Control: public, max-age=7200
Age: 1165
Last-Modified: Tue, 12 Dec 2023 18:09:08 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
GET

http://www.bing.com/favicon.ico

iexplore.exe

Remote address:

23.73.138.75:80

Request

GET /favicon.ico HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: www.bing.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Cache-Control: public, max-age=15552000
Content-Length: 4286
Content-Type: image/x-icon
Last-Modified: Mon, 01 Jan 1601 00:00:00 GMT
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
X-MSEdge-Ref: Ref A: 9161F32D259142AFAECEEB8A5DECBEB1 Ref B: LON04EDGE0910 Ref C: 2022-11-19T16:10:06Z
Date: Tue, 07 May 2024 09:40:02 GMT
Connection: keep-alive
X-CDN-TraceID: 0.478a4917.1715074802.f811a2
DNS

iexplore.exe

Remote address:

23.73.138.75:80

Response

HTTP/1.0 408 Request Time-out

Server: AkamaiGHost
Mime-Version: 1.0
Date: Tue, 07 May 2024 09:40:37 GMT
Content-Type: text/html
Content-Length: 314
Expires: Tue, 07 May 2024 09:40:37 GMT

172.67.165.117:443

coinhive.com

tls

IEXPLORE.EXE

773 B
5.8kB
10
10
192.0.73.2:80

http://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

http

IEXPLORE.EXE

738 B
1.3kB
7
6

HTTP Request

GET http://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

301
192.0.73.2:80

http://www.gravatar.com/avatar/6ab9cf9740f754d0565ec0f4b1250e8e?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

http

IEXPLORE.EXE

738 B
1.3kB
7
6

HTTP Request

GET http://www.gravatar.com/avatar/6ab9cf9740f754d0565ec0f4b1250e8e?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

301
192.0.73.2:80

http://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

http

IEXPLORE.EXE

738 B
1.3kB
7
6

HTTP Request

GET http://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

301
172.67.165.117:443

https://coinhive.com/lib/coinhive.min.js

tls, http

IEXPLORE.EXE

1.2kB
8.0kB
12
12

HTTP Request

GET https://coinhive.com/lib/coinhive.min.js

HTTP Response

200
188.114.96.2:80

http://saltworld.net/forums/public/style_images/master/top.png

http

IEXPLORE.EXE

1.1kB
2.7kB
8
8

HTTP Request

GET http://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

HTTP Response

302

HTTP Request

GET http://saltworld.net/forums/public/style_images/master/top.png

HTTP Response

302
188.114.96.2:80

http://saltworld.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

http

IEXPLORE.EXE

1.0kB
2.5kB
8
8

HTTP Request

GET http://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

HTTP Response

302

HTTP Request

GET http://saltworld.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

HTTP Response

302
188.114.96.2:80

http://saltworld.net/forums/public/style_images/master/feed.png

http

IEXPLORE.EXE

978 B
2.4kB
8
8

HTTP Request

GET http://saltworld.net/forums/public/style_images/master/useropts_arrow.png

HTTP Response

302

HTTP Request

GET http://saltworld.net/forums/public/style_images/master/feed.png

HTTP Response

302
188.114.96.2:80

http://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

http

IEXPLORE.EXE

722 B
1.6kB
6
6

HTTP Request

GET http://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

HTTP Response

302
188.114.96.2:80

http://saltworld.net/forums/uploads/profile/photo-44563.gif?_r=1448768805

http

IEXPLORE.EXE

589 B
1.3kB
6
5

HTTP Request

GET http://saltworld.net/forums/uploads/profile/photo-44563.gif?_r=1448768805

HTTP Response

302
188.114.96.2:80

http://saltworld.net/forums/public/style_images/master/f_icon_read.png

http

IEXPLORE.EXE

586 B
1.2kB
6
5

HTTP Request

GET http://saltworld.net/forums/public/style_images/master/f_icon_read.png

HTTP Response

302
192.0.73.2:443

https://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

tls, http

IEXPLORE.EXE

1.3kB
6.3kB
12
12

HTTP Request

GET https://www.gravatar.com/avatar/6128162e0ab80b6aaefd01d25ec9fefe?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

302
192.0.73.2:443

https://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

tls, http

IEXPLORE.EXE

1.2kB
4.9kB
11
10

HTTP Request

GET https://www.gravatar.com/avatar/ae111d25cbb9b2d7293e8bdb2fcfe8b3?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

302
192.0.73.2:443

https://www.gravatar.com/avatar/6ab9cf9740f754d0565ec0f4b1250e8e?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

tls, http

IEXPLORE.EXE

1.7kB
28.9kB
21
30

HTTP Request

GET https://www.gravatar.com/avatar/6ab9cf9740f754d0565ec0f4b1250e8e?s=100&d=http%3A%2F%2Fsaltworld.net%2Fforums%2Fpublic%2Fstyle_images%2Fmaster%2Fprofile%2Fdefault_large.png

HTTP Response

200
188.114.96.2:443

https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

tls, http

IEXPLORE.EXE

1.4kB
6.7kB
12
11

HTTP Request

GET https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

HTTP Response

302
188.114.96.2:443

https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

tls, http

IEXPLORE.EXE

1.4kB
6.7kB
12
11

HTTP Request

GET https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

HTTP Response

302
188.114.96.2:443

saltworld.net

tls

IEXPLORE.EXE

774 B
5.7kB
10
9
188.114.96.2:443

https://saltworld.net/forums/public/style_images/master/feed.png

tls, http

IEXPLORE.EXE

1.6kB
7.4kB
13
14

HTTP Request

GET https://saltworld.net/forums/public/style_images/master/f_icon_read.png

HTTP Response

302

HTTP Request

GET https://saltworld.net/forums/public/style_images/master/feed.png

HTTP Response

302
188.114.96.2:443

https://saltworld.net/forums/uploads/profile/photo-44563.gif?_r=1448768805

tls, http

IEXPLORE.EXE

1.2kB
6.6kB
12
11

HTTP Request

GET https://saltworld.net/forums/uploads/profile/photo-44563.gif?_r=1448768805

HTTP Response

302
188.114.96.2:443

https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

tls, http

IEXPLORE.EXE

1.6kB
7.3kB
13
12

HTTP Request

GET https://saltworld.net/forums/public/style_images/master/useropts_arrow.png

HTTP Response

302

HTTP Request

GET https://saltworld.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

HTTP Response

302
216.239.32.29:80

http://pki.goog/gsr1/gsr1.crt

http

IEXPLORE.EXE

351 B
1.8kB
5
4

HTTP Request

GET http://pki.goog/gsr1/gsr1.crt

HTTP Response

200
216.239.32.29:80

http://pki.goog/gsr1/gsr1.crt

http

IEXPLORE.EXE

351 B
1.8kB
5
4

HTTP Request

GET http://pki.goog/gsr1/gsr1.crt

HTTP Response

200
216.239.32.29:80

http://pki.goog/gsr1/gsr1.crt

http

IEXPLORE.EXE

351 B
1.8kB
5
4

HTTP Request

GET http://pki.goog/gsr1/gsr1.crt

HTTP Response

200
216.239.32.29:80

http://pki.goog/gsr1/gsr1.crt

http

IEXPLORE.EXE

351 B
1.8kB
5
4

HTTP Request

GET http://pki.goog/gsr1/gsr1.crt

HTTP Response

200
216.239.32.29:80

http://pki.goog/gsr1/gsr1.crt

http

IEXPLORE.EXE

351 B
1.8kB
5
4

HTTP Request

GET http://pki.goog/gsr1/gsr1.crt

HTTP Response

200
188.114.96.2:443

https://saltworld.net/forums/public/style_images/master/top.png

tls, http

IEXPLORE.EXE

1.2kB
6.4kB
10
10

HTTP Request

GET https://saltworld.net/forums/public/style_images/master/top.png

HTTP Response

302
188.114.96.2:443

https://saltworld.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

tls, http

IEXPLORE.EXE

1.2kB
6.5kB
10
10

HTTP Request

GET https://saltworld.net/forums/uploads/profile/photo-3914.57_68bd69e5aed67c7aa3dc4520e02d3f4dff99e864?_r=0

HTTP Response

302
172.67.160.162:443

https://gamingw.net/forums/public/style_images/master/f_icon_read.png

tls, http

IEXPLORE.EXE

1.1kB
6.7kB
10
11

HTTP Request

GET https://gamingw.net/forums/public/style_images/master/f_icon_read.png

HTTP Response

404
172.67.160.162:443

https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

tls, http

IEXPLORE.EXE

1.7kB
8.4kB
12
14

HTTP Request

GET https://gamingw.net/forums/public/style_images/master/useropts_arrow.png

HTTP Response

404

HTTP Request

GET https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&f=public/style_css/css_4/ipb_help.css,public/style_css/css_4/ipb_styles.css,public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_common.css

HTTP Response

404
172.67.160.162:443

https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

tls, http

IEXPLORE.EXE

1.6kB
8.3kB
13
14

HTTP Request

GET https://gamingw.net/forums/uploads/profile/photo-44563.gif?_r=1448768805

HTTP Response

404

HTTP Request

GET https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&g=js

HTTP Response

404
172.67.160.162:443

gamingw.net

tls

IEXPLORE.EXE

1.6kB
8.4kB
13
15
172.67.160.162:443

https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

tls, http

IEXPLORE.EXE

1.3kB
7.2kB
10
11

HTTP Request

GET https://gamingw.net/forums/public/min/index.php?ipbv=e3dc6c59d017b380e9899774b18a7749&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/1/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js

HTTP Response

404
172.67.160.162:443

https://gamingw.net/forums/public/style_images/master/top.png

tls, http

IEXPLORE.EXE

1.1kB
6.7kB
10
11

HTTP Request

GET https://gamingw.net/forums/public/style_images/master/top.png

HTTP Response

404
192.0.77.2:80

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

http

IEXPLORE.EXE

658 B
856 B
7
6

HTTP Request

GET http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

HTTP Response

404
192.0.77.2:80

http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

http

IEXPLORE.EXE

606 B
515 B
6
5

HTTP Request

GET http://i1.wp.com/saltworld.net/forums/public/style_images/master/profile/default_large.png

HTTP Response

404
142.250.179.238:80

www.google-analytics.com

IEXPLORE.EXE

190 B
92 B
4
2
142.250.179.238:80

http://www.google-analytics.com/ga.js

http

IEXPLORE.EXE

858 B
18.3kB
13
16

HTTP Request

GET http://www.google-analytics.com/ga.js

HTTP Response

200
23.73.138.75:80

http://www.bing.com/favicon.ico

http

iexplore.exe

542 B
5.1kB
7
7

HTTP Request

GET http://www.bing.com/favicon.ico

HTTP Response

200
23.73.138.75:80

www.bing.com

http

iexplore.exe

288 B
694 B
6
4

HTTP Response

408
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.6kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.6kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

831 B
7.7kB
10
13

8.8.8.8:53

coinhive.com

dns

IEXPLORE.EXE

58 B
90 B
1
1

DNS Request

coinhive.com

DNS Response

172.67.165.117

104.21.57.186
8.8.8.8:53

saltworld.net

dns

IEXPLORE.EXE

59 B
91 B
1
1

DNS Request

saltworld.net

DNS Response

188.114.96.2

188.114.97.2
8.8.8.8:53

www.gravatar.com

dns

IEXPLORE.EXE

62 B
78 B
1
1

DNS Request

www.gravatar.com

DNS Response

192.0.73.2
8.8.8.8:53

pki.goog

dns

IEXPLORE.EXE

54 B
70 B
1
1

DNS Request

pki.goog

DNS Response

216.239.32.29
8.8.8.8:53

pki.goog

dns

IEXPLORE.EXE

54 B
70 B
1
1

DNS Request

pki.goog

DNS Response

216.239.32.29
8.8.8.8:53

www.microsoft.com

dns

IEXPLORE.EXE

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

2.16.233.202
8.8.8.8:53

www.microsoft.com

dns

IEXPLORE.EXE

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

2.16.233.202
8.8.8.8:53

www.microsoft.com

dns

IEXPLORE.EXE

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

2.16.233.202
8.8.8.8:53

www.microsoft.com

dns

IEXPLORE.EXE

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

2.16.233.202
8.8.8.8:53

gamingw.net

dns

IEXPLORE.EXE

57 B
89 B
1
1

DNS Request

gamingw.net

DNS Response

172.67.160.162

104.21.65.85
8.8.8.8:53

i1.wp.com

dns

IEXPLORE.EXE

55 B
71 B
1
1

DNS Request

i1.wp.com

DNS Response

192.0.77.2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
d20676b0dd6566b50f78338b8d733de1

SHA1
25c7ea06f4209eec8c2f5bb90805f3c25b3824fe

SHA256
5516bad2830e983e64294381be174156b13ddf67eb1550f73ea5d1c7e81b5a01

SHA512
c3a210b285b5bd8d2295d1dffc8f7502ecbfe31dc2d64908d247b4670ec4811b14e13512f17de599e7841a40acb995961caa1eda6dd318a1e4af56ebf4b263fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24

Filesize
889B

MD5
3e455215095192e1b75d379fb187298a

SHA1
b1bc968bd4f49d622aa89a81f2150152a41d829c

SHA256
ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99

SHA512
54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
30eddc845289d68a3622a0f1c2f91431

SHA1
ae425517c17a5579d229f55f73e30740706adf61

SHA256
1314ca42076c9e3a6ef52b67824639746184dad27d4c8434b89ca10c91b12168

SHA512
c4d41850fb3fe548fafda52917657102e7ac18595e81f1ce96f9e519bdc3915c6aa1d2e8417429560de2fecc7268a56765fac037f5c4ca6f11fb3ccbcd729b18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
434993669e7788542e21f8c3c8d3d727

SHA1
afd059a13e5da09b9fdba57645b97f9cfe5ce5d9

SHA256
804188e36570375f648d0ff479f1de7bd8be10d7c2034c6d6ab4293757286a79

SHA512
3a113ad148d16c07dfcb5d59853f75b64b4e82a144b50dd8e5114684e4e305553fff409687b1f30cb71678add5844c7a862f3276aafaf4e360dd71499f43559c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a121ea6d5c964d81acbc83f74963847

SHA1
bfbc7008473bdfe0656fe9a8914d18849324a258

SHA256
1a182e6080d628e95ba98aa4fa0772712e507711ab267b669ef8276728346420

SHA512
d14afcc456fb9722df0b07298f31c153c40a8d88eb519233e13bbdb4e824128e093c060b92bb9b52fabd0210774b5cfa44735b176c9cace843cb5b5f501dfa8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2ab85bb64895d4844ef706af15e0e25e

SHA1
26aa1c894867ac11befe064f2635b9eb181142d0

SHA256
ca29f9b9b00f5f75d7793079f5b9062f459fb9f4bccd4627ede5a3eab0b16154

SHA512
da1930482fd52d515f38a4a74e8aef326a5b2abc7e9262513ef409a9572ced162068c826b9a9b2015694c3eeb2baec99d66b563a5c7e3566af54933194f9dc26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
51c94b6523f3660f9301c7452f2c5aa7

SHA1
db69a982a30b2c3142387f18c98854004d3b60e0

SHA256
d03279889f56c10eb17d5143aadb7e1190050bc43b66198dfcb2270a1226d8c2

SHA512
a0dc9015e67be6646f50d47f8410779b23088f2620738ed9661a8c51494a28a3ff030aaa09814e2081e82410c97ba2391f96cad9200975f0bb85ef2dbd08fcad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3301719945a2224483d05935187b7a9

SHA1
8ce27ed43ac4be48d729086be47bc5f9afe48bfe

SHA256
0d826843cf0f0d5e0637416b3c49e03ea36a7f7e0fbbb0c6072f419eec7e53e9

SHA512
4ca81fb32021b51a64d3e4d1a3649130ec320cd7c33b4c14853d8cdc083bbf72cd4323e74bb4d20ea2b17dd5f2aa00c9cd12292f217066a9b9cbffbcac2015f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2b8fbdf21dfba389430aa35c0bab567a

SHA1
3f99d4d20ba0a6a8889333e5bbe71401893487e3

SHA256
43b17457e43a1c40f40c3065ecd6a2e936c290ebb0908bb05dc149f77a4852d6

SHA512
551479f72dd7ffcfd3a36c6db0bf472f53d4286543d669cb3a7b50c47d8de451e69e6c95fcb685f70f85d7b0108113f81b8d856ef3039689ca5a1de6ab17a4a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8fb997c3975bb662d57d8b4b4926321

SHA1
3f845e3dff52b01aaa1a7133cac104d282c683f1

SHA256
9f756ee2f3854d0d71c2d4d5d6a5b5862dda1ca0a7aa725a5c195736ac8ac79e

SHA512
ca5762616e33665969bcd8e79a8dacec06a418dcb390fd78ae5ef3ee6d2f6f2b83512ea1360bfb259d98085b2ba3c46bfb0ac202ef00fc885e67e37fdd05bab4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb3386162ce21934ecaab14ec849e2b4

SHA1
2ea72301e52a13cdd3532022fe48286b0bcec0b4

SHA256
be27075b6e405a0a79cec164d86094849dc858d28bd26b54004a11b86731ba90

SHA512
7ac8e345c33149a100f79e43af07cb0f049f3c870b71cd7e724645dac243c40c688dfc88756a134a41485d149580f2997c7f559e915554dc36b3502132759dac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6574bac134a79cfd71c17f348e361c98

SHA1
b25018c4997474ac5c9b94852b34fed7f3be9c60

SHA256
4f9adc7b799cd03b4b692b7cfede52a6cd6ca26cb3d31aa6979dbb705b036864

SHA512
6d5681e10d9e027ebb0674a9ab9a522812b5880dee160961db2ceb2e378652a41c447a62a80c1b713acb4af71a497fec0d88b36b159ad9d4c2058be1e2af971e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea6acfaa4411063cba6ba2312bacc7ff

SHA1
0906b048fea4d60b7655d2725ac91cb258897155

SHA256
7f128cbf9b129eb15d31e700f71b47e66d57abf18a4bc936eaa6cd84d5796400

SHA512
1e3067417829dab02f827e363f33a8d3dfdfa5d8ba346d855a463e576c23692c071e3ea237adff70e82df9b3735003bbbb452e226be49544a7203b745c8cc6c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2f543f81d5b0c7281f2ef14c8a41719a

SHA1
78a3fcd20edc6567c392ec285946b5de9d55a8d8

SHA256
b91741c1d2720008916857373c2d0a75ca65fa32e160ef9f93208466699f7f57

SHA512
c5323c1e65d04f94bddbbd2bc122c04f10d3b51629414f39ff1bd3f18c82efa36dc6bfe7a44b9138622a5f7a6f99420735d1433b6d1e61a8f6f9fd55a6943afd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
85fec331a28fe95538b2daf48c46b269

SHA1
d256519b9a4db9bf4c808b4d7e119d3248cd5ea4

SHA256
4c58479eccb4ed8c716ff7e6ed518c507e8222a5515f11fa28082cb0bf7636a6

SHA512
a81580e068ee88d7a60af162a716850452e4d1615265ff5628634393bd12cc16e7e20d2c8d888d5ee0d4c8a91c575f4aa9d46eb0ec31e51a6aefaf9907abf9ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2a115c7745b726e97b19f35e83c4b1d4

SHA1
45e147e24c4bef862b4950c234268d297cb1452f

SHA256
8f7ea04789888c94b0d7561ebf38a5f5394eb95d95f476e1b26eec982bf988db

SHA512
8929d3f2c1f7e278590102de94024d31258948a389b541906293f55567cffcef7818ee3e0cf83951e56e0e5590c9534885e48fe86f93bc9c1383ef089f9679c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6c4cb3c78a65eba302dc19a4c26ed17c

SHA1
f532fcd302477f1cd5451dcf7e4498c4f7208764

SHA256
a6511ce86f9832b823a85bcc185e6f54c9b1cfd476581594e15f2e5ff5b84a0d

SHA512
2abfa5917130105e1b5ba0d2a6daa56e37a1913366fa98e889af495dba54c2f97a79bdbce268f6453d64cf4239c76ccadd5fb86df42e4eae83664b9db2afcb1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c1934bac421d07843f295c1373ad4e8

SHA1
3cc9bb8546fd3ec05b6603acbf07a50ac16ad1e3

SHA256
039bc66f989e303839fc254b14cc4c2efaa04a43dbc3f2854604bdcb90daca1b

SHA512
f9f643426060afa040fa069858f4a607f9c4a925c7faf943daf58b84ec8093c9e802b7f103c704cb0de6f59e51a6f9cc547eb088ea4a1daafabf6a4a9aead4be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4617be107d1868612e700d95791e69d2

SHA1
3058f69dcf1b13d091ed7a8cf4677b7bee030d1c

SHA256
4e754d3d2bebf8f1d67431b50fe933bb9e8ed9f7ed71729b7c1db2e0d567af49

SHA512
aee3c87933ee4423cdba7741773bab7ac49d377ccb8f68c5e40928176c49667c14b0230e10d73adb937c57146e25d2857212f248e1ca881d39e95fb6307ebd8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b29b78144109a24b10e7dbcc6c84f8bd

SHA1
2b8916d196d5a38236021f9864f4b0ed1cdfdfdd

SHA256
836cb1ab584744da1575d768b88d195124858c70bbcf75a5fe5558cdfcb81c7b

SHA512
a0b4edc384d2ce1af05416f6713eb2cf534af793f71d6015a228630f2e96b0e25ba6416c9d46cb1503235c60c33b66e0a0429eba1268fbe3b52392c33d4b7612

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dcee9fdc1880c9c0e145d064ce93ad05

SHA1
61f5842bc16ca447aa0bda3d241ece9e2220abfa

SHA256
28fff2507b6b8ae83ea621c8de231471be4f88226a0ec627cf4a0cae4f6464b9

SHA512
ea16e3fb075d2026579ac9c7ac785613373e16d45468e59bd0c9348c48d62f2288638aa3a0e61aa39b2fc156354c2420c20744709869e1ec3c9af583e1763122

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
256203de18e4cd8280f165ab0bb650fa

SHA1
bd0ac2555583302c6985e7c04b9a65ddf89eece3

SHA256
884e1ec803efb6a6b5853a2de79479769dbae06a2f4a83d863e5947b7b8a7c4f

SHA512
c6c3701ef3e530e19bc8a2db25b79017f8d7e28caa8be86dea2d725f97c7ef925f260299278c64acfead61e7e8824e88ed69ae16757411f051e981dae403c0f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2f1c4636807c2b437ae149c897fd7947

SHA1
a70a06092c407fbf28d2679fa712facf705f0b9a

SHA256
e80960d17628763b687a0e777b514b1be0b298d3ba4058fdab23f122a9d50e89

SHA512
e92f729f1116305c88d8b66018d082908110072c658177fa6f02567a6cb6a457705e122539b1f1b8a715888ead30ec1b51b0b752ed52f56fc9362c3b5e77887c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c2593043cc6ca32dd5c79d9141615ad4

SHA1
1705bb06ce0a1db69b686b576c4fbc976190980a

SHA256
513ee2a82bd0076b9abba25b3d3165f28481b70c9167729dc1e0fd2fd4a86a40

SHA512
bb1998e817ab4bb51f2be77fc93b25313f397ebc00545d9901087165b04e8cf84e323d026748521f32e6117ac684ee484e95f4e18d533e95a3ee140fd9d8f585

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a0418f34cbee890d87c2df22b5bb70cd

SHA1
2192557571ecdb7e0a27dd8935ecc3bccc75e3c2

SHA256
fab1286ae549cf0bffa7f46dac0b33119743e2e783b46c2045ea4fe109d01853

SHA512
efa22eb09cc34040db2092ff0fc09f43e85be3adb499aa4ce046345e26fd57ecaa3eb7d086e2fd30c970b71261d2c8ffbea90d83ee8de67168fe7fdd4eeff97f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c336b29e8b4253c4958eb66c78e45381

SHA1
4df02e6f51dd31f5082dc31a56732b396f060eb2

SHA256
b0711f1fa9fc2fe8b34e84d48fbe60ef3ee16e04e7b6566155758ad56dcab838

SHA512
8f82038ecc42afebb944328ee1187834a1c8c95f142c500a617c780edeb7b01529b5671b4909a9c1b5d5675553a8dd8fc7163c888f8d4c6324f498e8c53707c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f39cd74cb221589a5ccd0063ce9fd07

SHA1
972f864bb9720533713cd1a01e5c7fabc02de3af

SHA256
608137286edd8922d86172baffc0f0f8a185588b376b4dfd62338c544f73ffbe

SHA512
8940db2403a5b50449d96e53820ef3bb9234a69bd90f03572cea79b2a031e0a13cc5abfcbdfa45d80ace0329c40d4a77aa98f267fe86e92b1fa34e1d0e774071

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
44ec08f872bd8cdf915d42fbbda81033

SHA1
1fdafa7ec1c75780baca597658448291858867e7

SHA256
4725f56c6070778d60004ddbb10a5a5e1151bf11d5ea1d85d37934650e88456a

SHA512
02950a84e640e0b96311ed08686c4259396991398916ccc7d6f9bfb0ae12af78d077a97a446f7e6a8683d2472e1aad4cef8d315cf970c55961a53cfe201dfd65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
85efc40bdc852a9be6a923dfdc652ec5

SHA1
383279483dcf67de9ad6ad92d383bbd249e57716

SHA256
d428b74c7960e22803194b140cd388d53eae0e12bf7108f4ef7df9849fa87bbb

SHA512
50ab57144949715f23775e8007f476a821a392f6b4db7fa437ac11a4831db8073e137bff393496eaaea25e1140870e0d5be59af40d764e1342e678ba39ab81bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
36ea10650178f3fd08e94cd3ae67a842

SHA1
47399059b187d92c73577e894a131b86ca6f898a

SHA256
dd80a4fdb26797dc048d9e1f513a53c5a02cfd9adc741d49f0b11282204e2c5c

SHA512
b02113a535bef49e09bb4f60581bd9548780d5c9730ef324c92294bd11ed8ce4403c6aa445a678e3da39a5f635bf1f43e7c013907da24822e0e1f463c1c73c2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1B6F.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1B81.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request