Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240709-en locale:en-us os:windows10-2004-x64 system -
submitted
23-07-2024 17:51
Behavioral task
behavioral1
Sample
Halo The Master Chief Collection (Halo CE Anniversary) v1.0-v20221219 Plus 13 Trainer.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
Halo The Master Chief Collection (Halo CE Anniversary) v1.0-v20221219 Plus 13 Trainer.exe
Resource
win10v2004-20240709-en
General
-
Target
Halo The Master Chief Collection (Halo CE Anniversary) v1.0-v20221219 Plus 13 Trainer.exe
-
Size
1.4MB
-
MD5
2228fc9baff42b17b27da3dd76d2eb27
-
SHA1
50b764600b72a076b68c50073adcf2d130c0a1ac
-
SHA256
797a5c03655c080542da9bd10623d0b77c92b04b36e047f7ac0cb792a87e2f02
-
SHA512
237f0dfecf9d0a216669ce9a7aa3debe5659b60c8289b036402ddc2e7b73aa61c03b4dbd753552462b8c6033993b9b327801c18de6c214697381f27b4d7a1a8e
-
SSDEEP
24576:Q4c9PPAFHpgUut2mekVDp8bI2SCIzyabDSVXT5XAIA4:cOpgN5eK8xSCIz1IXT5XAI
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process
3508 Halo The Master Chief Collection (Halo CE Anniversary) v1.0-v20221219 Plus 13 Trainer.exe
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process
Token: SeDebugPrivilege 3508 Halo The Master Chief Collection (Halo CE Anniversary) v1.0-v20221219 Plus 13 Trainer.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Halo The Master Chief Collection (Halo CE Anniversary) v1.0-v20221219 Plus 13 Trainer.exe
"C:\Users\Admin\AppData\Local\Temp\Halo The Master Chief Collection (Halo CE Anniversary) v1.0-v20221219 Plus 13 Trainer.exe"
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3508
Network
-
Remote address: 8.8.8.8:53
Request
8.8.8.8.in-addr.arpa IN PTR
Response
8.8.8.8.in-addr.arpa IN PTR dnsgoogle
-
Remote address: 8.8.8.8:53
Request
232.168.11.51.in-addr.arpa IN PTR
Response
-
Remote address: 8.8.8.8:53
Request
73.144.22.2.in-addr.arpa IN PTR
Response
73.144.22.2.in-addr.arpa IN PTR a2-22-144-73deploystaticakamaitechnologiescom
-
DNS flingtrainer.com
Halo The Master Chief Collection (Halo CE Anniversary) v1.0-v20221219 Plus 13 Trainer.exe
Remote address: 8.8.8.8:53
Request
flingtrainer.com IN A
Response
flingtrainer.com IN A 104.21.85.118
flingtrainer.com IN A 172.67.205.150
-
GET https://flingtrainer.com/wp-content/check-for-trainer-update/get-trainer-update
Halo The Master Chief Collection (Halo CE Anniversary) v1.0-v20221219 Plus 13 Trainer.exe
Remote address: 104.21.85.118:443
Request
GET /wp-content/check-for-trainer-update/get-trainer-update HTTP/1.1
User-Agent: FLiNGTrainer
Host: flingtrainer.com
Response
HTTP/1.1 200 OK
Content-Length: 6
Connection: keep-alive
vary: User-Agent
last-modified: Tue, 09 May 2023 12:34:22 GMT
etag: "6-5fb41f9908f80"
accept-ranges: bytes
Cache-Control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hVCfiIIjqDDVSJrXOIrdYv18wlguhH0OYBqTbuHbRxFIoyrtQMygnNZ%2BECGOoGRvAhc66Y3K59DB72XAgQeuyRgyX5dCeestwq0nlnnMXcw%2BJLtJdoqDufC%2Fzsaihn%2FKb%2FcD"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8a7d858bcf03bd9b-LHR
alt-svc: h3=":443"; ma=86400
-
GET https://flingtrainer.com/wp-content/check-for-trainer-update/halo-the-master-chief-collection-halo-ce-anniversary-trainer
Halo The Master Chief Collection (Halo CE Anniversary) v1.0-v20221219 Plus 13 Trainer.exe
Remote address: 104.21.85.118:443
Request
GET /wp-content/check-for-trainer-update/halo-the-master-chief-collection-halo-ce-anniversary-trainer HTTP/1.1
User-Agent: FLiNGTrainer
Host: flingtrainer.com
Response
HTTP/1.1 200 OK
Content-Length: 11
Connection: keep-alive
vary: User-Agent
last-modified: Wed, 13 Mar 2024 12:12:56 GMT
etag: "b-61389b1e77af4"
accept-ranges: bytes
Cache-Control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kHQNrwy1578aBC1YcmJdiQdzdQ4ky7BtsdjZppr7nuFLXju8y%2Bz0kA%2ByFsTlX0FiT5LTVMYmP415LHL%2BfPlbW3ceDOmZQ%2BpaSjDVpaXk7xaUsv6LvjMkDKIPBzVRTSFlIBKm"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8a7d8594fb7fbd9b-LHR
alt-svc: h3=":443"; ma=86400
-
DNS c.pki.goog
Halo The Master Chief Collection (Halo CE Anniversary) v1.0-v20221219 Plus 13 Trainer.exe
Remote address: 8.8.8.8:53
Request
c.pki.goog IN A
Response
c.pki.goog IN CNAME pki-goog.l.google.com
pki-goog.l.google.com IN A 172.217.169.3
-
GET http://c.pki.goog/r/gsr1.crl
Halo The Master Chief Collection (Halo CE Anniversary) v1.0-v20221219 Plus 13 Trainer.exe
Remote address: 172.217.169.3:80
Request
GET /r/gsr1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: c.pki.goog
Response
HTTP/1.1 200 OK
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 1739
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 23 Jul 2024 17:29:05 GMT
Expires: Tue, 23 Jul 2024 18:19:05 GMT
Cache-Control: public, max-age=3000
Age: 1374
Last-Modified: Mon, 08 Jul 2024 07:38:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
-
GET http://c.pki.goog/r/r4.crl
Halo The Master Chief Collection (Halo CE Anniversary) v1.0-v20221219 Plus 13 Trainer.exe
Remote address: 172.217.169.3:80
Request
GET /r/r4.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: c.pki.goog
Response
HTTP/1.1 200 OK
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 436
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 23 Jul 2024 17:29:05 GMT
Expires: Tue, 23 Jul 2024 18:19:05 GMT
Cache-Control: public, max-age=3000
Age: 1374
Last-Modified: Wed, 01 Nov 2023 07:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
-
Remote address: 8.8.8.8:53
Request
118.85.21.104.in-addr.arpa IN PTR
Response
-
Remote address: 8.8.8.8:53
Request
3.169.217.172.in-addr.arpa IN PTR
Response
3.169.217.172.in-addr.arpa IN PTR lhr25s26-in-f31e100net
-
Remote address: 8.8.8.8:53
Request
68.159.190.20.in-addr.arpa IN PTR
Response
-
Remote address: 8.8.8.8:53
Request
g.bing.com IN A
Response
g.bing.com IN CNAME g-bing-com.dual-a-0034.a-msedge.net
g-bing-com.dual-a-0034.a-msedge.net IN CNAME dual-a-0034.a-msedge.net
dual-a-0034.a-msedge.net IN A 204.79.197.237
dual-a-0034.a-msedge.net IN A 13.107.21.237
-
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a3a68d4213ed4a979b6f86299857f075&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid=
Remote address: 204.79.197.237:443
Request
GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a3a68d4213ed4a979b6f86299857f075&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
Response
HTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=2C82668205076E1E10D9724704E76F9E; domain=.bing.com; expires=Sun, 17-Aug-2025 17:52:00 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5BF23B50053D4CD0ACF493F192E1E840 Ref B: LON04EDGE1011 Ref C: 2024-07-23T17:52:00Z
date: Tue, 23 Jul 2024 17:51:59 GMT
-
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=a3a68d4213ed4a979b6f86299857f075&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid=
Remote address: 204.79.197.237:443
Request
GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=a3a68d4213ed4a979b6f86299857f075&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2C82668205076E1E10D9724704E76F9E
Response
HTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=cXVU9WufyC0AUzfx4nnmMh1taFso2oZS121-Qp8-Wr8; domain=.bing.com; expires=Sun, 17-Aug-2025 17:52:00 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: ACD137BA49044548B2592697107DA8D5 Ref B: LON04EDGE1011 Ref C: 2024-07-23T17:52:00Z
date: Tue, 23 Jul 2024 17:52:00 GMT
-
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a3a68d4213ed4a979b6f86299857f075&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid=
Remote address: 204.79.197.237:443
Request
GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a3a68d4213ed4a979b6f86299857f075&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2C82668205076E1E10D9724704E76F9E; MSPTC=cXVU9WufyC0AUzfx4nnmMh1taFso2oZS121-Qp8-Wr8
Response
HTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B706548BD92240D290289DBCD08B897C Ref B: LON04EDGE1011 Ref C: 2024-07-23T17:52:00Z
date: Tue, 23 Jul 2024 17:52:00 GMT
-
Remote address: 8.8.8.8:53
Request
133.211.185.52.in-addr.arpa IN PTR
Response
-
Remote address: 8.8.8.8:53
Request
237.197.79.204.in-addr.arpa IN PTR
Response
-
Remote address: 8.8.8.8:53
Request
88.156.103.20.in-addr.arpa IN PTR
Response
-
Remote address: 8.8.8.8:53
Request
50.23.12.20.in-addr.arpa IN PTR
Response
-
Remote address: 8.8.8.8:53
Request
15.164.165.52.in-addr.arpa IN PTR
Response
-
Remote address: 8.8.8.8:53
Request
172.214.232.199.in-addr.arpa IN PTR
Response
-
Remote address: 8.8.8.8:53
Request
172.210.232.199.in-addr.arpa IN PTR
Response
-
Remote address: 8.8.8.8:53
Request
57.169.31.20.in-addr.arpa IN PTR
Response
-
Remote address: 8.8.8.8:53
Request
31.243.111.52.in-addr.arpa IN PTR
Response
-
Remote address: 8.8.8.8:53
Request
tse1.mm.bing.net IN A
Response
tse1.mm.bing.net IN CNAME mm-mm.bing.net.trafficmanager.net
mm-mm.bing.net.trafficmanager.net IN CNAME ax-0001.ax-msedge.net
ax-0001.ax-msedge.net IN A 150.171.28.10
ax-0001.ax-msedge.net IN A 150.171.27.10
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239357289900_1PPDKUH20A1QAJKE3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
Remote address: 150.171.28.10:443
Request
GET /th?id=OADD2.10239357289900_1PPDKUH20A1QAJKE3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response
HTTP/2.0 200
content-length: 677060
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8531F06E306247EDB712DF1B400629A0 Ref B: LON04EDGE0612 Ref C: 2024-07-23T17:53:38Z
date: Tue, 23 Jul 2024 17:53:37 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301718_1O49LH3F36Y9OZ53W&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
Remote address: 150.171.28.10:443
Request
GET /th?id=OADD2.10239317301718_1O49LH3F36Y9OZ53W&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response
HTTP/2.0 200
content-length: 267906
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7F490950DAE8437F824EDC9D2AC1094E Ref B: LON04EDGE0612 Ref C: 2024-07-23T17:53:38Z
date: Tue, 23 Jul 2024 17:53:37 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301309_1JFFGJ64L9I4K3JMP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
Remote address: 150.171.28.10:443
Request
GET /th?id=OADD2.10239317301309_1JFFGJ64L9I4K3JMP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response
HTTP/2.0 200
content-length: 299452
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A56EBD5F357F477F891F8C67480CB8D0 Ref B: LON04EDGE0612 Ref C: 2024-07-23T17:53:38Z
date: Tue, 23 Jul 2024 17:53:37 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239340418551_1MWHJRW59UCHVWKN4&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
Remote address: 150.171.28.10:443
Request
GET /th?id=OADD2.10239340418551_1MWHJRW59UCHVWKN4&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response
HTTP/2.0 200
content-length: 534196
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 445FCB94EE9C4C4084A2C73470C68F74 Ref B: LON04EDGE0612 Ref C: 2024-07-23T17:53:38Z
date: Tue, 23 Jul 2024 17:53:37 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239357289901_1QPCP4IUNAJYEWMCP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
Remote address: 150.171.28.10:443
Request
GET /th?id=OADD2.10239357289901_1QPCP4IUNAJYEWMCP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response
HTTP/2.0 200
content-length: 630230
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D0113BA31BC54D039C10036884164D25 Ref B: LON04EDGE0612 Ref C: 2024-07-23T17:53:38Z
date: Tue, 23 Jul 2024 17:53:37 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239340418552_1AAPCBWXWYRQF23F9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
Remote address: 150.171.28.10:443
Request
GET /th?id=OADD2.10239340418552_1AAPCBWXWYRQF23F9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response
HTTP/2.0 200
content-length: 522409
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BCAB22C490FC4EC9873BBC1AF5AC7A4C Ref B: LON04EDGE0612 Ref C: 2024-07-23T17:53:38Z
date: Tue, 23 Jul 2024 17:53:38 GMT
-
Remote address: 8.8.8.8:53
Request
10.28.171.150.in-addr.arpa IN PTR
Response
-
104.21.85.118:443
https://flingtrainer.com/wp-content/check-for-trainer-update/halo-the-master-chief-collection-halo-ce-anniversary-trainer
tls, http
Halo The Master Chief Collection (Halo CE Anniversary) v1.0-v20221219 Plus 13 Trainer.exe
1.2kB 5.4kB 12 10
HTTP Request
GET https://flingtrainer.com/wp-content/check-for-trainer-update/get-trainer-update
HTTP Response
200
HTTP Request
GET https://flingtrainer.com/wp-content/check-for-trainer-update/halo-the-master-chief-collection-halo-ce-anniversary-trainer
HTTP Response
200
-
172.217.169.3:80
http://c.pki.goog/r/r4.crl
http
Halo The Master Chief Collection (Halo CE Anniversary) v1.0-v20221219 Plus 13 Trainer.exe
602 B 3.9kB 8 6
HTTP Request
GET http://c.pki.goog/r/gsr1.crl
HTTP Response
200
HTTP Request
GET http://c.pki.goog/r/r4.crl
HTTP Response
200
-
204.79.197.237:443
https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a3a68d4213ed4a979b6f86299857f075&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid=
tls, http2
2.0kB 9.3kB 21 19
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a3a68d4213ed4a979b6f86299857f075&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid=
HTTP Response
204
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=a3a68d4213ed4a979b6f86299857f075&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid=
HTTP Response
204
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a3a68d4213ed4a979b6f86299857f075&localId=w:A55461EC-E2C0-7E26-6404-F1FD6509940B&deviceId=6966568319254816&anid=
HTTP Response
204
-
1.2kB 6.9kB 15 13
-
150.171.28.10:443
https://tse1.mm.bing.net/th?id=OADD2.10239340418552_1AAPCBWXWYRQF23F9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
tls, http2
105.4kB 3.0MB 2206 2201
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239357289900_1PPDKUH20A1QAJKE3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301718_1O49LH3F36Y9OZ53W&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301309_1JFFGJ64L9I4K3JMP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340418551_1MWHJRW59UCHVWKN4&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239357289901_1QPCP4IUNAJYEWMCP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
HTTP Response
200
HTTP Response
200
HTTP Response
200
HTTP Response
200
HTTP Response
200
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340418552_1AAPCBWXWYRQF23F9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
HTTP Response
200
-
1.2kB 6.8kB 15 12
-
1.2kB 6.9kB 15 13
-
1.2kB 6.8kB 15 11
-
66 B 90 B 1 1
DNS Request
8.8.8.8.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
232.168.11.51.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
73.144.22.2.in-addr.arpa
-
8.8.8.8:53
flingtrainer.com
dns
Halo The Master Chief Collection (Halo CE Anniversary) v1.0-v20221219 Plus 13 Trainer.exe
62 B 94 B 1 1
DNS Request
flingtrainer.com
DNS Response
104.21.85.118
172.67.205.150
-
8.8.8.8:53
c.pki.goog
dns
Halo The Master Chief Collection (Halo CE Anniversary) v1.0-v20221219 Plus 13 Trainer.exe
56 B 107 B 1 1
DNS Request
c.pki.goog
DNS Response
172.217.169.3
-
72 B 134 B 1 1
DNS Request
118.85.21.104.in-addr.arpa
-
72 B 110 B 1 1
DNS Request
3.169.217.172.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
68.159.190.20.in-addr.arpa
-
56 B 151 B 1 1
DNS Request
g.bing.com
DNS Response
204.79.197.237
13.107.21.237
-
73 B 147 B 1 1
DNS Request
133.211.185.52.in-addr.arpa
-
73 B 143 B 1 1
DNS Request
237.197.79.204.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
88.156.103.20.in-addr.arpa
-
70 B 156 B 1 1
DNS Request
50.23.12.20.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
15.164.165.52.in-addr.arpa
-
74 B 128 B 1 1
DNS Request
172.214.232.199.in-addr.arpa
-
74 B 128 B 1 1
DNS Request
172.210.232.199.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
57.169.31.20.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
31.243.111.52.in-addr.arpa
-
62 B 170 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
150.171.28.10
150.171.27.10
-
72 B 158 B 1 1
DNS Request
10.28.171.150.in-addr.arpa
-