Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-07-2024 17:51

General

  • Target

    Halo The Master Chief Collection (Halo CE Anniversary) v1.0-v20221219 Plus 13 Trainer.exe

  • Size

    1.4MB

  • MD5

    2228fc9baff42b17b27da3dd76d2eb27

  • SHA1

    50b764600b72a076b68c50073adcf2d130c0a1ac

  • SHA256

    797a5c03655c080542da9bd10623d0b77c92b04b36e047f7ac0cb792a87e2f02

  • SHA512

    237f0dfecf9d0a216669ce9a7aa3debe5659b60c8289b036402ddc2e7b73aa61c03b4dbd753552462b8c6033993b9b327801c18de6c214697381f27b4d7a1a8e

  • SSDEEP

    24576:Q4c9PPAFHpgUut2mekVDp8bI2SCIzyabDSVXT5XAIA4:cOpgN5eK8xSCIz1IXT5XAI

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Halo The Master Chief Collection (Halo CE Anniversary) v1.0-v20221219 Plus 13 Trainer.exe
    "C:\Users\Admin\AppData\Local\Temp\Halo The Master Chief Collection (Halo CE Anniversary) v1.0-v20221219 Plus 13 Trainer.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3508

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    232.168.11.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    232.168.11.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    73.144.22.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.144.22.2.in-addr.arpa
    IN PTR
    Response
    73.144.22.2.in-addr.arpa
    IN PTR
    a2-22-144-73deploystaticakamaitechnologiescom
  • flag-us
    DNS
    flingtrainer.com
    Halo The Master Chief Collection (Halo CE Anniversary) v1.0-v20221219 Plus 13 Trainer.exe
    Remote address:
    8.8.8.8:53
    Request
    flingtrainer.com
    IN A
    Response
    flingtrainer.com
    IN A
    104.21.85.118
    flingtrainer.com
    IN A
    172.67.205.150
  • flag-us
    GET
    https://flingtrainer.com/wp-content/check-for-trainer-update/get-trainer-update
    Halo The Master Chief Collection (Halo CE Anniversary) v1.0-v20221219 Plus 13 Trainer.exe
    Remote address:
    104.21.85.118:443
    Request
    GET /wp-content/check-for-trainer-update/get-trainer-update HTTP/1.1
    User-Agent: FLiNGTrainer
    Host: flingtrainer.com
    Response
    HTTP/1.1 200 OK
    Date: Tue, 23 Jul 2024 17:51:59 GMT
    Content-Length: 6
    Connection: keep-alive
    vary: User-Agent
    last-modified: Tue, 09 May 2023 12:34:22 GMT
    etag: "6-5fb41f9908f80"
    accept-ranges: bytes
    Cache-Control: no-cache, no-store, must-revalidate
    pragma: no-cache
    expires: 0
    x-frame-options: SAMEORIGIN
    x-xss-protection: 1; mode=block
    x-content-type-options: nosniff
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hVCfiIIjqDDVSJrXOIrdYv18wlguhH0OYBqTbuHbRxFIoyrtQMygnNZ%2BECGOoGRvAhc66Y3K59DB72XAgQeuyRgyX5dCeestwq0nlnnMXcw%2BJLtJdoqDufC%2Fzsaihn%2FKb%2FcD"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8a7d858bcf03bd9b-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://flingtrainer.com/wp-content/check-for-trainer-update/halo-the-master-chief-collection-halo-ce-anniversary-trainer
    Halo The Master Chief Collection (Halo CE Anniversary) v1.0-v20221219 Plus 13 Trainer.exe
    Remote address:
    104.21.85.118:443
    Request
    GET /wp-content/check-for-trainer-update/halo-the-master-chief-collection-halo-ce-anniversary-trainer HTTP/1.1
    User-Agent: FLiNGTrainer
    Host: flingtrainer.com
    Response
    HTTP/1.1 200 OK
    Date: Tue, 23 Jul 2024 17:52:00 GMT
    Content-Length: 11
    Connection: keep-alive
    vary: User-Agent
    last-modified: Wed, 13 Mar 2024 12:12:56 GMT
    etag: "b-61389b1e77af4"
    accept-ranges: bytes
    Cache-Control: no-cache, no-store, must-revalidate
    pragma: no-cache
    expires: 0
    x-frame-options: SAMEORIGIN
    x-xss-protection: 1; mode=block
    x-content-type-options: nosniff
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kHQNrwy1578aBC1YcmJdiQdzdQ4ky7BtsdjZppr7nuFLXju8y%2Bz0kA%2ByFsTlX0FiT5LTVMYmP415LHL%2BfPlbW3ceDOmZQ%2BpaSjDVpaXk7xaUsv6LvjMkDKIPBzVRTSFlIBKm"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8a7d8594fb7fbd9b-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    DNS
    c.pki.goog
    Halo The Master Chief Collection (Halo CE Anniversary) v1.0-v20221219 Plus 13 Trainer.exe
    Remote address:
    8.8.8.8:53
    Request
    c.pki.goog
    IN A
    Response
    c.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    172.217.169.3
  • flag-gb
    GET
    http://c.pki.goog/r/gsr1.crl
    Halo The Master Chief Collection (Halo CE Anniversary) v1.0-v20221219 Plus 13 Trainer.exe
    Remote address:
    172.217.169.3:80
    Request
    GET /r/gsr1.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 1739
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Tue, 23 Jul 2024 17:29:05 GMT
    Expires: Tue, 23 Jul 2024 18:19:05 GMT
    Cache-Control: public, max-age=3000
    Age: 1374
    Last-Modified: Mon, 08 Jul 2024 07:38:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • flag-gb
    GET
    http://c.pki.goog/r/r4.crl
    Halo The Master Chief Collection (Halo CE Anniversary) v1.0-v20221219 Plus 13 Trainer.exe
    Remote address:
    172.217.169.3:80
    Request
    GET /r/r4.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 436
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Tue, 23 Jul 2024 17:29:05 GMT
    Expires: Tue, 23 Jul 2024 18:19:05 GMT
    Cache-Control: public, max-age=3000
    Age: 1374
    Last-Modified: Wed, 01 Nov 2023 07:48:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • flag-us
    DNS
    118.85.21.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    118.85.21.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    3.169.217.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    3.169.217.172.in-addr.arpa
    IN PTR
    Response
    3.169.217.172.in-addr.arpa
    IN PTR
    lhr25s26-in-f31e100net
  • flag-us
    DNS
    68.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    68.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.dual-a-0034.a-msedge.net
    g-bing-com.dual-a-0034.a-msedge.net
    IN CNAME
    dual-a-0034.a-msedge.net
    dual-a-0034.a-msedge.net
    IN A
    204.79.197.237
    dual-a-0034.a-msedge.net
    IN A
    13.107.21.237
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a3a68d4213ed4a979b6f86299857f075&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid=
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a3a68d4213ed4a979b6f86299857f075&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=2C82668205076E1E10D9724704E76F9E; domain=.bing.com; expires=Sun, 17-Aug-2025 17:52:00 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 5BF23B50053D4CD0ACF493F192E1E840 Ref B: LON04EDGE1011 Ref C: 2024-07-23T17:52:00Z
    date: Tue, 23 Jul 2024 17:51:59 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=a3a68d4213ed4a979b6f86299857f075&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid=
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=a3a68d4213ed4a979b6f86299857f075&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=2C82668205076E1E10D9724704E76F9E
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=cXVU9WufyC0AUzfx4nnmMh1taFso2oZS121-Qp8-Wr8; domain=.bing.com; expires=Sun, 17-Aug-2025 17:52:00 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: ACD137BA49044548B2592697107DA8D5 Ref B: LON04EDGE1011 Ref C: 2024-07-23T17:52:00Z
    date: Tue, 23 Jul 2024 17:52:00 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a3a68d4213ed4a979b6f86299857f075&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid=
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a3a68d4213ed4a979b6f86299857f075&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=2C82668205076E1E10D9724704E76F9E; MSPTC=cXVU9WufyC0AUzfx4nnmMh1taFso2oZS121-Qp8-Wr8
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: B706548BD92240D290289DBCD08B897C Ref B: LON04EDGE1011 Ref C: 2024-07-23T17:52:00Z
    date: Tue, 23 Jul 2024 17:52:00 GMT
  • flag-us
    DNS
    133.211.185.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    133.211.185.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    237.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.197.79.204.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    88.156.103.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.156.103.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    50.23.12.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.23.12.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    57.169.31.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    57.169.31.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    31.243.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    31.243.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239357289900_1PPDKUH20A1QAJKE3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239357289900_1PPDKUH20A1QAJKE3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 677060
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 8531F06E306247EDB712DF1B400629A0 Ref B: LON04EDGE0612 Ref C: 2024-07-23T17:53:38Z
    date: Tue, 23 Jul 2024 17:53:37 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301718_1O49LH3F36Y9OZ53W&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239317301718_1O49LH3F36Y9OZ53W&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 267906
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 7F490950DAE8437F824EDC9D2AC1094E Ref B: LON04EDGE0612 Ref C: 2024-07-23T17:53:38Z
    date: Tue, 23 Jul 2024 17:53:37 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301309_1JFFGJ64L9I4K3JMP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239317301309_1JFFGJ64L9I4K3JMP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 299452
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: A56EBD5F357F477F891F8C67480CB8D0 Ref B: LON04EDGE0612 Ref C: 2024-07-23T17:53:38Z
    date: Tue, 23 Jul 2024 17:53:37 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418551_1MWHJRW59UCHVWKN4&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239340418551_1MWHJRW59UCHVWKN4&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 534196
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 445FCB94EE9C4C4084A2C73470C68F74 Ref B: LON04EDGE0612 Ref C: 2024-07-23T17:53:38Z
    date: Tue, 23 Jul 2024 17:53:37 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239357289901_1QPCP4IUNAJYEWMCP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239357289901_1QPCP4IUNAJYEWMCP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 630230
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: D0113BA31BC54D039C10036884164D25 Ref B: LON04EDGE0612 Ref C: 2024-07-23T17:53:38Z
    date: Tue, 23 Jul 2024 17:53:37 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418552_1AAPCBWXWYRQF23F9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239340418552_1AAPCBWXWYRQF23F9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 522409
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: BCAB22C490FC4EC9873BBC1AF5AC7A4C Ref B: LON04EDGE0612 Ref C: 2024-07-23T17:53:38Z
    date: Tue, 23 Jul 2024 17:53:38 GMT
  • flag-us
    DNS
    10.28.171.150.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    10.28.171.150.in-addr.arpa
    IN PTR
    Response
  • 104.21.85.118:443
    https://flingtrainer.com/wp-content/check-for-trainer-update/halo-the-master-chief-collection-halo-ce-anniversary-trainer
    tls, http
    Halo The Master Chief Collection (Halo CE Anniversary) v1.0-v20221219 Plus 13 Trainer.exe
    1.2kB
    5.4kB
    12
    10

    HTTP Request

    GET https://flingtrainer.com/wp-content/check-for-trainer-update/get-trainer-update

    HTTP Response

    200

    HTTP Request

    GET https://flingtrainer.com/wp-content/check-for-trainer-update/halo-the-master-chief-collection-halo-ce-anniversary-trainer

    HTTP Response

    200
  • 172.217.169.3:80
    http://c.pki.goog/r/r4.crl
    http
    Halo The Master Chief Collection (Halo CE Anniversary) v1.0-v20221219 Plus 13 Trainer.exe
    602 B
    3.9kB
    8
    6

    HTTP Request

    GET http://c.pki.goog/r/gsr1.crl

    HTTP Response

    200

    HTTP Request

    GET http://c.pki.goog/r/r4.crl

    HTTP Response

    200
  • 204.79.197.237:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a3a68d4213ed4a979b6f86299857f075&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid=
    tls, http2
    2.0kB
    9.3kB
    21
    19

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a3a68d4213ed4a979b6f86299857f075&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=a3a68d4213ed4a979b6f86299857f075&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a3a68d4213ed4a979b6f86299857f075&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid=

    HTTP Response

    204
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.28.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239340418552_1AAPCBWXWYRQF23F9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    105.4kB
    3.0MB
    2206
    2201

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239357289900_1PPDKUH20A1QAJKE3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301718_1O49LH3F36Y9OZ53W&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301309_1JFFGJ64L9I4K3JMP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418551_1MWHJRW59UCHVWKN4&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239357289901_1QPCP4IUNAJYEWMCP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418552_1AAPCBWXWYRQF23F9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.8kB
    15
    12
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.8kB
    15
    11
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
    90 B
    1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    232.168.11.51.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    232.168.11.51.in-addr.arpa

  • 8.8.8.8:53
    73.144.22.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    73.144.22.2.in-addr.arpa

  • 8.8.8.8:53
    flingtrainer.com
    dns
    Halo The Master Chief Collection (Halo CE Anniversary) v1.0-v20221219 Plus 13 Trainer.exe
    62 B
    94 B
    1
    1

    DNS Request

    flingtrainer.com

    DNS Response

    104.21.85.118
    172.67.205.150

  • 8.8.8.8:53
    c.pki.goog
    dns
    Halo The Master Chief Collection (Halo CE Anniversary) v1.0-v20221219 Plus 13 Trainer.exe
    56 B
    107 B
    1
    1

    DNS Request

    c.pki.goog

    DNS Response

    172.217.169.3

  • 8.8.8.8:53
    118.85.21.104.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    118.85.21.104.in-addr.arpa

  • 8.8.8.8:53
    3.169.217.172.in-addr.arpa
    dns
    72 B
    110 B
    1
    1

    DNS Request

    3.169.217.172.in-addr.arpa

  • 8.8.8.8:53
    68.159.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    68.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
    151 B
    1
    1

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.237
    13.107.21.237

  • 8.8.8.8:53
    133.211.185.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    133.211.185.52.in-addr.arpa

  • 8.8.8.8:53
    237.197.79.204.in-addr.arpa
    dns
    73 B
    143 B
    1
    1

    DNS Request

    237.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    88.156.103.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    88.156.103.20.in-addr.arpa

  • 8.8.8.8:53
    50.23.12.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    50.23.12.20.in-addr.arpa

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    57.169.31.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    57.169.31.20.in-addr.arpa

  • 8.8.8.8:53
    31.243.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    31.243.111.52.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    170 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    150.171.28.10
    150.171.27.10

  • 8.8.8.8:53
    10.28.171.150.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    10.28.171.150.in-addr.arpa

  • 8.8.8.8:53

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3508-0-0x00007FF9DBB33000-0x00007FF9DBB35000-memory.dmp

    Filesize

    8KB

  • memory/3508-3-0x00000247EC7C0000-0x00000247EC7F2000-memory.dmp

    Filesize

    200KB

  • memory/3508-6-0x00007FF9DBB30000-0x00007FF9DC5F1000-memory.dmp

    Filesize

    10.8MB

  • memory/3508-7-0x00007FF9DBB30000-0x00007FF9DC5F1000-memory.dmp

    Filesize

    10.8MB

  • memory/3508-8-0x00007FF9DBB30000-0x00007FF9DC5F1000-memory.dmp

    Filesize

    10.8MB

  • memory/3508-9-0x00007FF9DBB30000-0x00007FF9DC5F1000-memory.dmp

    Filesize

    10.8MB

  • memory/3508-10-0x00000247EE770000-0x00000247EE778000-memory.dmp

    Filesize

    32KB

  • memory/3508-12-0x00000247EE7C0000-0x00000247EE7CE000-memory.dmp

    Filesize

    56KB

  • memory/3508-11-0x00000247EE7F0000-0x00000247EE828000-memory.dmp

    Filesize

    224KB

  • memory/3508-13-0x00007FF9DBB30000-0x00007FF9DC5F1000-memory.dmp

    Filesize

    10.8MB

  • memory/3508-26-0x00007FF9DBB33000-0x00007FF9DBB35000-memory.dmp

    Filesize

    8KB

  • memory/3508-27-0x00007FF9DBB30000-0x00007FF9DC5F1000-memory.dmp

    Filesize

    10.8MB

  • memory/3508-28-0x00007FF9DBB30000-0x00007FF9DC5F1000-memory.dmp

    Filesize

    10.8MB

  • memory/3508-29-0x00007FF9DBB30000-0x00007FF9DC5F1000-memory.dmp

    Filesize

    10.8MB

  • memory/3508-30-0x00007FF9DBB30000-0x00007FF9DC5F1000-memory.dmp

    Filesize

    10.8MB

  • memory/3508-31-0x00007FF9DBB30000-0x00007FF9DC5F1000-memory.dmp

    Filesize

    10.8MB

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.