Analysis
-
max time kernel
1800s -
max time network
1147s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system -
submitted
19/10/2024, 00:17 UTC
Behavioral task
behavioral1
Sample
Subnautica v1.0-v20210512 Plus 15 Trainer.exe
Resource
win7-20240903-en
0 signatures
1800 seconds
Behavioral task
behavioral2
Sample
Subnautica v1.0-v20210512 Plus 15 Trainer.exe
Resource
win10v2004-20241007-en
2 signatures
1800 seconds
General
-
Target
Subnautica v1.0-v20210512 Plus 15 Trainer.exe
-
Size
1.6MB
-
MD5
802562bbcb719682e5239724bbcb66af
-
SHA1
26dddeaa207b363225a0bb923177096b753c681e
-
SHA256
20c61005893f31e43e1efb523cc80a6267cbaa1d0f878d8b54fca7e2878aa81f
-
SHA512
315969abd2052edb5dd53ed5e1e0080320dc948d8c52e13114ff3971d89a59ce4263cdb1be1d7eab85d1368a10ef437541a575727bb373bd4af83e2eeb33a696
-
SSDEEP
24576:KHfTuC9i/EAVw5MarrOE8Q78D03McY04WzDSOcxMbJ7:Kqh/9u6aGQgD0ccYKtcxMV7
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 1932 Subnautica v1.0-v20210512 Plus 15 Trainer.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1932 Subnautica v1.0-v20210512 Plus 15 Trainer.exe
Processes
Network
-
Remote address: 8.8.8.8:53
Request
8.8.8.8.in-addr.arpa IN PTR
Response
8.8.8.8.in-addr.arpa IN PTR dnsgoogle
-
Remote address: 8.8.8.8:53
Request
flingtrainer.com IN A
Response
flingtrainer.com IN A 104.26.14.72
flingtrainer.com IN A 104.26.15.72
flingtrainer.com IN A 172.67.73.26
-
GET https://flingtrainer.com/wp-content/check-for-trainer-update/get-trainer-update
Subnautica v1.0-v20210512 Plus 15 Trainer.exe
Remote address: 104.26.14.72:443
Request
GET /wp-content/check-for-trainer-update/get-trainer-update HTTP/1.1
User-Agent: FLiNGTrainer
Host: flingtrainer.com
Response
HTTP/1.1 200 OK
Content-Length: 6
Connection: keep-alive
vary: User-Agent
last-modified: Tue, 09 May 2023 12:34:22 GMT
etag: "6-5fb41f9908f80"
accept-ranges: bytes
Cache-Control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7pEswlEMTKN0fdT5MMVP%2F9X45rBP%2BvygiGirQHuCXLwgcNDMu36bzSXMAXvgkfXuzAj63eQksmdIFxPl%2BqIThhJv9A98uVa0nRo0rTQQ2qmLk5CqDsgeRLvoLMwnJQU8DKg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8d4c96a4d96b9482-LHR
-
Remote address: 8.8.8.8:53
Request
133.211.185.52.in-addr.arpa IN PTR
Response
-
Remote address: 8.8.8.8:53
Request
g.bing.com IN A
Response
g.bing.com IN CNAME g-bing-com.ax-0001.ax-msedge.net
g-bing-com.ax-0001.ax-msedge.net IN CNAME ax-0001.ax-msedge.net
ax-0001.ax-msedge.net IN A 150.171.27.10
ax-0001.ax-msedge.net IN A 150.171.28.10
-
Remote address: 8.8.8.8:53
Request
g.bing.com IN A
-
Remote address: 8.8.8.8:53
Request
g.bing.com IN A
-
Remote address: 8.8.8.8:53
Request
72.14.26.104.in-addr.arpa IN PTR
Response
-
Remote address: 8.8.8.8:53
Request
79.190.18.2.in-addr.arpa IN PTR
Response
79.190.18.2.in-addr.arpa IN PTR a2-18-190-79deploystaticakamaitechnologiescom
-
GET https://flingtrainer.com/wp-content/check-for-trainer-update/subnautica-trainer
Subnautica v1.0-v20210512 Plus 15 Trainer.exe
Remote address: 104.26.14.72:443
Request
GET /wp-content/check-for-trainer-update/subnautica-trainer HTTP/1.1
User-Agent: FLiNGTrainer
Host: flingtrainer.com
Response
HTTP/1.1 200 OK
Content-Length: 11
Connection: keep-alive
vary: User-Agent
last-modified: Thu, 13 May 2021 03:48:21 GMT
etag: "b-5c22dff97ab40"
accept-ranges: bytes
Cache-Control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9qf5icTg3wkQY6V5gJ2Bi1SUzgaG%2FKUWFeajRPLrOLKobfghShn9863OilYugOS610iKj%2FtyOeHhhDUx4q3Bog6WgQhh5%2F3yW31aYCGTVvWsxRdKojtxvgW7wi1NVJXRtiM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8d4c96a02d5f94b5-LHR
-
Remote address:8.8.8.8:53Requestc.pki.googIN AResponsec.pki.googIN CNAMEpki-goog.l.google.compki-goog.l.google.comIN A142.250.178.3
-
Remote address:142.250.178.3:80RequestGET /r/gsr1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: c.pki.goog
ResponseHTTP/1.1 200 OK
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 1739
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 18 Oct 2024 23:53:38 GMT
Expires: Sat, 19 Oct 2024 00:43:38 GMT
Cache-Control: public, max-age=3000
Age: 1461
Last-Modified: Mon, 07 Oct 2024 07:18:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
-
Remote address:142.250.178.3:80RequestGET /r/r4.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: c.pki.goog
ResponseHTTP/1.1 200 OK
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 436
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 18 Oct 2024 23:53:42 GMT
Expires: Sat, 19 Oct 2024 00:43:42 GMT
Cache-Control: public, max-age=3000
Age: 1458
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
-
Remote address:8.8.8.8:53Request3.178.250.142.in-addr.arpaIN PTRResponse3.178.250.142.in-addr.arpaIN PTRlhr48s27-in-f31e100net
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ea4f429128574769967c1c3a2493ed43&localId=w:0D9BF488-1CCA-294D-7D68-DBFAFE0B8D20&deviceId=6966572651500221&anid=Remote address:150.171.27.10:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ea4f429128574769967c1c3a2493ed43&localId=w:0D9BF488-1CCA-294D-7D68-DBFAFE0B8D20&deviceId=6966572651500221&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=0EAEC7AE8E116D4E14ECD2B38F176C6F; domain=.bing.com; expires=Thu, 13-Nov-2025 00:18:01 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E8E1B82A7D8A42BA984FFCF74E832A92 Ref B: LON601060107031 Ref C: 2024-10-19T00:18:01Z
date: Sat, 19 Oct 2024 00:18:00 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ea4f429128574769967c1c3a2493ed43&localId=w:0D9BF488-1CCA-294D-7D68-DBFAFE0B8D20&deviceId=6966572651500221&anid=Remote address:150.171.27.10:443RequestGET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ea4f429128574769967c1c3a2493ed43&localId=w:0D9BF488-1CCA-294D-7D68-DBFAFE0B8D20&deviceId=6966572651500221&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0EAEC7AE8E116D4E14ECD2B38F176C6F
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=HH3acmUtRBvbxjO59RFb6vQdM9IDXMqU2x8GFau-gwg; domain=.bing.com; expires=Thu, 13-Nov-2025 00:18:01 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CD4E5AA128D345819687EF088A0F8420 Ref B: LON601060107031 Ref C: 2024-10-19T00:18:01Z
date: Sat, 19 Oct 2024 00:18:00 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ea4f429128574769967c1c3a2493ed43&localId=w:0D9BF488-1CCA-294D-7D68-DBFAFE0B8D20&deviceId=6966572651500221&anid=Remote address:150.171.27.10:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ea4f429128574769967c1c3a2493ed43&localId=w:0D9BF488-1CCA-294D-7D68-DBFAFE0B8D20&deviceId=6966572651500221&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0EAEC7AE8E116D4E14ECD2B38F176C6F; MSPTC=HH3acmUtRBvbxjO59RFb6vQdM9IDXMqU2x8GFau-gwg
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B4BCBD2AD2BE42B8AE9330488A6E0543 Ref B: LON601060107031 Ref C: 2024-10-19T00:18:01Z
date: Sat, 19 Oct 2024 00:18:01 GMT
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request205.47.74.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request205.47.74.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request205.47.74.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request205.47.74.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request56.163.245.4.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request15.164.165.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request172.214.232.199.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request77.190.18.2.in-addr.arpaIN PTRResponse77.190.18.2.in-addr.arpaIN PTRa2-18-190-77deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request22.236.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEax-0001.ax-msedge.netax-0001.ax-msedge.netIN A150.171.27.10ax-0001.ax-msedge.netIN A150.171.28.10
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239340417880_1PRMSECURT9IUDN7Q&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239340417880_1PRMSECURT9IUDN7Q&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 470956
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 51D91021312F489FA485A0E23BC2B566 Ref B: LON601060104042 Ref C: 2024-10-19T00:19:46Z
date: Sat, 19 Oct 2024 00:19:46 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239398629743_1TH437YUI5ZNDOHAL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239398629743_1TH437YUI5ZNDOHAL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 502729
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 52CA56F2CBB5463EB2FCF81ECE2B4DE4 Ref B: LON601060104042 Ref C: 2024-10-19T00:19:46Z
date: Sat, 19 Oct 2024 00:19:46 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239360265013_1UVY69FM05I7V26BP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239360265013_1UVY69FM05I7V26BP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 193575
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A3B506BBFF6D460C91A0E7A852842F86 Ref B: LON601060104042 Ref C: 2024-10-19T00:19:46Z
date: Sat, 19 Oct 2024 00:19:46 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239340418534_1SATV94N425TECTRU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239340418534_1SATV94N425TECTRU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 473680
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 74A2B3CF34FC4D7DA5123A44D345EAE0 Ref B: LON601060104042 Ref C: 2024-10-19T00:19:46Z
date: Sat, 19 Oct 2024 00:19:46 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239398629744_18YK2WB1TP6K8QRMK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239398629744_18YK2WB1TP6K8QRMK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 435129
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0D63AE044A514DC6BFAD15E13441967B Ref B: LON601060104042 Ref C: 2024-10-19T00:19:46Z
date: Sat, 19 Oct 2024 00:19:46 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239360265014_1I9L6MC65FHDFQ9Z7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239360265014_1I9L6MC65FHDFQ9Z7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 195935
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B3896B27E2D14426AABAF6BF39F85A0B Ref B: LON601060104042 Ref C: 2024-10-19T00:20:07Z
date: Sat, 19 Oct 2024 00:20:06 GMT
-
Remote address:8.8.8.8:53Request226.162.46.104.in-addr.arpaIN PTRResponse
-
104.26.14.72:443 https://flingtrainer.com/wp-content/check-for-trainer-update/get-trainer-update tls, http Subnautica v1.0-v20210512 Plus 15 Trainer.exe 1.4kB 7.4kB 16 12
HTTP Request
GET https://flingtrainer.com/wp-content/check-for-trainer-update/get-trainer-update
HTTP Response
200
-
104.26.14.72:443 https://flingtrainer.com/wp-content/check-for-trainer-update/subnautica-trainer tls, http Subnautica v1.0-v20210512 Plus 15 Trainer.exe 1.2kB 5.4kB 14 11
HTTP Request
GET https://flingtrainer.com/wp-content/check-for-trainer-update/subnautica-trainer
HTTP Response
200
-
813 B 5.0kB 10 7
HTTP Request
GET http://c.pki.goog/r/gsr1.crl
HTTP Response
200
HTTP Request
GET http://c.pki.goog/r/r4.crl
HTTP Response
200