Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-05-2024 19:03

General

  • Target

    f9789caac1d5ebec982c1e56156eeaba9635c705104c77a48602d2aa3f43635f.exe

  • Size

    1.1MB

  • MD5

    1e6fc45ebea637f8e630dda82edcb3fa

  • SHA1

    384d3a1238ac6f97f3d1ac42715e8f16f59ac18a

  • SHA256

    f9789caac1d5ebec982c1e56156eeaba9635c705104c77a48602d2aa3f43635f

  • SHA512

    cf11c0b07025936316bc17d3b227e6d28630f47cbb5cff1ae032b0b2e0d2ddeda0f54d27ba2b2e030645c3f90a0199e44072d4a63cf25cda2428b2e34d0956ec

  • SSDEEP

    24576:yJCp+zNkHOvnDUDuMJth9SHIP1DuGpDYpk:yJKHOvnDUDdWU1

Malware Config

Extracted

Family

redline

Botnet

@vidradom1234

C2

94.142.138.4:80

Attributes
  • auth_value

    f6e0be4e7ddc7c0185ef8d636b4e28cc

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload 1 IoCs
  • Uses the VBS compiler for execution 1 TTPs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f9789caac1d5ebec982c1e56156eeaba9635c705104c77a48602d2aa3f43635f.exe
    "C:\Users\Admin\AppData\Local\Temp\f9789caac1d5ebec982c1e56156eeaba9635c705104c77a48602d2aa3f43635f.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2304
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
      2⤵
        PID:3692

    Network

    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dnsgoogle
    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.dual-a-0034.a-msedge.net
      g-bing-com.dual-a-0034.a-msedge.net
      IN CNAME
      dual-a-0034.a-msedge.net
      dual-a-0034.a-msedge.net
      IN A
      204.79.197.237
      dual-a-0034.a-msedge.net
      IN A
      13.107.21.237
    • flag-us
      GET
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8DZTdE5AFzgYim3_2b2y5YjVUCUzG2VhPAik-T73i2Mz5JUPuyPpe88UvStvo_BuLPr3si1ptncm7zAEqBmrdKO883YTxBEhkBrA_as5osk6IJyz_9IIghxZA-PWt_xhU3gX4pRD3Gpd5XoJx0WzTH8uhzT2af35vKgHTU3hlXLJYjwsC%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D0aa0756afdfd1a0b87d313415ae7918e&TIME=20240426T130810Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984&muid=B64DD8ED08746C05824A19614CB097A6
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8DZTdE5AFzgYim3_2b2y5YjVUCUzG2VhPAik-T73i2Mz5JUPuyPpe88UvStvo_BuLPr3si1ptncm7zAEqBmrdKO883YTxBEhkBrA_as5osk6IJyz_9IIghxZA-PWt_xhU3gX4pRD3Gpd5XoJx0WzTH8uhzT2af35vKgHTU3hlXLJYjwsC%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D0aa0756afdfd1a0b87d313415ae7918e&TIME=20240426T130810Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984&muid=B64DD8ED08746C05824A19614CB097A6 HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=06FB22EAB33064C20143366DB217655B; domain=.bing.com; expires=Mon, 16-Jun-2025 19:04:05 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 5C1AEDD456704C7DBBD0FE3D843835EE Ref B: LON04EDGE0614 Ref C: 2024-05-22T19:04:05Z
      date: Wed, 22 May 2024 19:04:05 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8DZTdE5AFzgYim3_2b2y5YjVUCUzG2VhPAik-T73i2Mz5JUPuyPpe88UvStvo_BuLPr3si1ptncm7zAEqBmrdKO883YTxBEhkBrA_as5osk6IJyz_9IIghxZA-PWt_xhU3gX4pRD3Gpd5XoJx0WzTH8uhzT2af35vKgHTU3hlXLJYjwsC%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D0aa0756afdfd1a0b87d313415ae7918e&TIME=20240426T130810Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984&muid=B64DD8ED08746C05824A19614CB097A6
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8DZTdE5AFzgYim3_2b2y5YjVUCUzG2VhPAik-T73i2Mz5JUPuyPpe88UvStvo_BuLPr3si1ptncm7zAEqBmrdKO883YTxBEhkBrA_as5osk6IJyz_9IIghxZA-PWt_xhU3gX4pRD3Gpd5XoJx0WzTH8uhzT2af35vKgHTU3hlXLJYjwsC%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D0aa0756afdfd1a0b87d313415ae7918e&TIME=20240426T130810Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984&muid=B64DD8ED08746C05824A19614CB097A6 HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=06FB22EAB33064C20143366DB217655B; _EDGE_S=SID=3FA1E4E2D5E46FFC2325F065D4096E08
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=Ujz-bu4PYdm_ublbiRV3wMaULqCuxya_wr8vs8tklQI; domain=.bing.com; expires=Mon, 16-Jun-2025 19:04:06 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 821CB3A321A04D5F8A60C2116AD41AD9 Ref B: LON04EDGE0614 Ref C: 2024-05-22T19:04:06Z
      date: Wed, 22 May 2024 19:04:06 GMT
    • flag-us
      DNS
      97.17.167.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      97.17.167.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      4.138.142.94.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      4.138.142.94.in-addr.arpa
      IN PTR
      Response
      4.138.142.94.in-addr.arpa
      IN PTR
      doting-fallaezanetwork
    • flag-us
      DNS
      237.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      237.197.79.204.in-addr.arpa
      IN PTR
      Response
    • flag-nl
      GET
      https://www.bing.com/aes/c.gif?RG=2ef009ec9c2c40698e85bfc7f6a77bb3&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T130810Z&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984
      Remote address:
      23.62.61.194:443
      Request
      GET /aes/c.gif?RG=2ef009ec9c2c40698e85bfc7f6a77bb3&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T130810Z&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984 HTTP/2.0
      host: www.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=06FB22EAB33064C20143366DB217655B
      Response
      HTTP/2.0 200
      cache-control: private,no-store
      pragma: no-cache
      vary: Origin
      p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: CA093FCC580E44DEA1D861B2FAD8E8EA Ref B: AMS04EDGE3311 Ref C: 2024-05-22T19:04:06Z
      content-length: 0
      date: Wed, 22 May 2024 19:04:06 GMT
      set-cookie: _EDGE_S=SID=3FA1E4E2D5E46FFC2325F065D4096E08; path=/; httponly; domain=bing.com
      set-cookie: MUIDB=06FB22EAB33064C20143366DB217655B; path=/; httponly; expires=Mon, 16-Jun-2025 19:04:06 GMT
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.be3d3e17.1716404646.12c7f068
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      0.205.248.87.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      0.205.248.87.in-addr.arpa
      IN PTR
      Response
      0.205.248.87.in-addr.arpa
      IN PTR
      https-87-248-205-0lgwllnwnet
    • flag-us
      DNS
      194.61.62.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      194.61.62.23.in-addr.arpa
      IN PTR
      Response
      194.61.62.23.in-addr.arpa
      IN PTR
      a23-62-61-194deploystaticakamaitechnologiescom
    • flag-us
      DNS
      136.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      136.32.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      88.156.103.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      88.156.103.20.in-addr.arpa
      IN PTR
      Response
    • flag-nl
      GET
      https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
      Remote address:
      23.62.61.155:443
      Request
      GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
      host: www.bing.com
      accept: */*
      cookie: MUID=06FB22EAB33064C20143366DB217655B; _EDGE_S=SID=3FA1E4E2D5E46FFC2325F065D4096E08; MSPTC=Ujz-bu4PYdm_ublbiRV3wMaULqCuxya_wr8vs8tklQI; MUIDB=06FB22EAB33064C20143366DB217655B
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-type: image/png
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      content-length: 1107
      date: Wed, 22 May 2024 19:04:08 GMT
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.973d3e17.1716404648.1c47ffb3
    • flag-us
      DNS
      155.61.62.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      155.61.62.23.in-addr.arpa
      IN PTR
      Response
      155.61.62.23.in-addr.arpa
      IN PTR
      a23-62-61-155deploystaticakamaitechnologiescom
    • flag-us
      DNS
      209.205.72.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      209.205.72.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      217.106.137.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      217.106.137.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      157.123.68.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      157.123.68.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      171.39.242.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      171.39.242.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      240.221.184.93.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      240.221.184.93.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      26.35.223.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      26.35.223.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      48.229.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      48.229.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 659775
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 5E60CE8AD2FD4847BF28623A8417742A Ref B: LON04EDGE1113 Ref C: 2024-05-22T19:05:42Z
      date: Wed, 22 May 2024 19:05:42 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 627437
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: E3772096FDD441EE8D19E4DC26430B2D Ref B: LON04EDGE1113 Ref C: 2024-05-22T19:05:42Z
      date: Wed, 22 May 2024 19:05:42 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 621794
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 30DC5FBCA08A4FBE9203F137407C1B95 Ref B: LON04EDGE1113 Ref C: 2024-05-22T19:05:42Z
      date: Wed, 22 May 2024 19:05:42 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 792794
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 1A2EC0C0A6594B3987936B65917E8FBC Ref B: LON04EDGE1113 Ref C: 2024-05-22T19:05:42Z
      date: Wed, 22 May 2024 19:05:42 GMT
    • 94.142.138.4:80
      http
      vbc.exe
      266 B
      132 B
      5
      3
    • 204.79.197.237:443
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8DZTdE5AFzgYim3_2b2y5YjVUCUzG2VhPAik-T73i2Mz5JUPuyPpe88UvStvo_BuLPr3si1ptncm7zAEqBmrdKO883YTxBEhkBrA_as5osk6IJyz_9IIghxZA-PWt_xhU3gX4pRD3Gpd5XoJx0WzTH8uhzT2af35vKgHTU3hlXLJYjwsC%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D0aa0756afdfd1a0b87d313415ae7918e&TIME=20240426T130810Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984&muid=B64DD8ED08746C05824A19614CB097A6
      tls, http2
      2.5kB
      9.0kB
      19
      17

      HTTP Request

      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8DZTdE5AFzgYim3_2b2y5YjVUCUzG2VhPAik-T73i2Mz5JUPuyPpe88UvStvo_BuLPr3si1ptncm7zAEqBmrdKO883YTxBEhkBrA_as5osk6IJyz_9IIghxZA-PWt_xhU3gX4pRD3Gpd5XoJx0WzTH8uhzT2af35vKgHTU3hlXLJYjwsC%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D0aa0756afdfd1a0b87d313415ae7918e&TIME=20240426T130810Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984&muid=B64DD8ED08746C05824A19614CB097A6

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8DZTdE5AFzgYim3_2b2y5YjVUCUzG2VhPAik-T73i2Mz5JUPuyPpe88UvStvo_BuLPr3si1ptncm7zAEqBmrdKO883YTxBEhkBrA_as5osk6IJyz_9IIghxZA-PWt_xhU3gX4pRD3Gpd5XoJx0WzTH8uhzT2af35vKgHTU3hlXLJYjwsC%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D0aa0756afdfd1a0b87d313415ae7918e&TIME=20240426T130810Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984&muid=B64DD8ED08746C05824A19614CB097A6

      HTTP Response

      204
    • 23.62.61.194:443
      https://www.bing.com/aes/c.gif?RG=2ef009ec9c2c40698e85bfc7f6a77bb3&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T130810Z&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984
      tls, http2
      1.5kB
      5.4kB
      17
      13

      HTTP Request

      GET https://www.bing.com/aes/c.gif?RG=2ef009ec9c2c40698e85bfc7f6a77bb3&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T130810Z&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984

      HTTP Response

      200
    • 23.62.61.155:443
      https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
      tls, http2
      1.7kB
      6.4kB
      18
      13

      HTTP Request

      GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

      HTTP Response

      200
    • 94.142.138.4:80
      http
      vbc.exe
      266 B
      132 B
      5
      3
    • 94.142.138.4:80
      http
      vbc.exe
      266 B
      132 B
      5
      3
    • 94.142.138.4:80
      http
      vbc.exe
      266 B
      132 B
      5
      3
    • 204.79.197.200:443
      https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      tls, http2
      99.0kB
      2.8MB
      2036
      2034

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
      8.1kB
      16
      13
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
      8.1kB
      16
      14
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
      8.1kB
      16
      14
    • 94.142.138.4:80
      http
      vbc.exe
      266 B
      132 B
      5
      3
    • 94.142.138.4:80
      http
      vbc.exe
      266 B
      132 B
      5
      3
    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      66 B
      90 B
      1
      1

      DNS Request

      8.8.8.8.in-addr.arpa

    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
      151 B
      1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.237
      13.107.21.237

    • 8.8.8.8:53
      97.17.167.52.in-addr.arpa
      dns
      71 B
      145 B
      1
      1

      DNS Request

      97.17.167.52.in-addr.arpa

    • 8.8.8.8:53
      4.138.142.94.in-addr.arpa
      dns
      71 B
      109 B
      1
      1

      DNS Request

      4.138.142.94.in-addr.arpa

    • 8.8.8.8:53
      237.197.79.204.in-addr.arpa
      dns
      73 B
      143 B
      1
      1

      DNS Request

      237.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
      144 B
      1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      0.205.248.87.in-addr.arpa
      dns
      71 B
      116 B
      1
      1

      DNS Request

      0.205.248.87.in-addr.arpa

    • 8.8.8.8:53
      194.61.62.23.in-addr.arpa
      dns
      71 B
      135 B
      1
      1

      DNS Request

      194.61.62.23.in-addr.arpa

    • 8.8.8.8:53
      136.32.126.40.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      136.32.126.40.in-addr.arpa

    • 8.8.8.8:53
      88.156.103.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      88.156.103.20.in-addr.arpa

    • 8.8.8.8:53
      155.61.62.23.in-addr.arpa
      dns
      71 B
      135 B
      1
      1

      DNS Request

      155.61.62.23.in-addr.arpa

    • 8.8.8.8:53
      209.205.72.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      209.205.72.20.in-addr.arpa

    • 8.8.8.8:53
      217.106.137.52.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      217.106.137.52.in-addr.arpa

    • 8.8.8.8:53
      157.123.68.40.in-addr.arpa
      dns
      72 B
      146 B
      1
      1

      DNS Request

      157.123.68.40.in-addr.arpa

    • 8.8.8.8:53
      171.39.242.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      171.39.242.20.in-addr.arpa

    • 8.8.8.8:53
      240.221.184.93.in-addr.arpa
      dns
      73 B
      144 B
      1
      1

      DNS Request

      240.221.184.93.in-addr.arpa

    • 8.8.8.8:53
      26.35.223.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      26.35.223.20.in-addr.arpa

    • 8.8.8.8:53
      48.229.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      48.229.111.52.in-addr.arpa

    • 8.8.8.8:53
      tse1.mm.bing.net
      dns
      62 B
      173 B
      1
      1

      DNS Request

      tse1.mm.bing.net

      DNS Response

      204.79.197.200
      13.107.21.200

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2304-0-0x0000000000AEE000-0x0000000000AF0000-memory.dmp

      Filesize

      8KB

    • memory/3692-1-0x0000000000400000-0x0000000000430000-memory.dmp

      Filesize

      192KB

    • memory/3692-6-0x0000000074CCE000-0x0000000074CCF000-memory.dmp

      Filesize

      4KB

    • memory/3692-7-0x0000000002AC0000-0x0000000002AC6000-memory.dmp

      Filesize

      24KB

    • memory/3692-8-0x000000000B200000-0x000000000B818000-memory.dmp

      Filesize

      6.1MB

    • memory/3692-9-0x000000000CB90000-0x000000000CC9A000-memory.dmp

      Filesize

      1.0MB

    • memory/3692-10-0x000000000B0A0000-0x000000000B0B2000-memory.dmp

      Filesize

      72KB

    • memory/3692-12-0x0000000074CC0000-0x0000000075470000-memory.dmp

      Filesize

      7.7MB

    • memory/3692-11-0x000000000CB40000-0x000000000CB7C000-memory.dmp

      Filesize

      240KB

    • memory/3692-13-0x0000000004B10000-0x0000000004B5C000-memory.dmp

      Filesize

      304KB

    • memory/3692-14-0x0000000074CCE000-0x0000000074CCF000-memory.dmp

      Filesize

      4KB

    • memory/3692-15-0x0000000074CC0000-0x0000000075470000-memory.dmp

      Filesize

      7.7MB

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.