Overview

overview

8

Static

static

3

goodbyedpi...le.cmd

windows7-x64

8

goodbyedpi...le.cmd

windows10-2004-x64

8

goodbyedpi...st.cmd

windows7-x64

1

goodbyedpi...st.cmd

windows10-2004-x64

1

goodbyedpi...ir.cmd

windows7-x64

1

goodbyedpi...ir.cmd

windows10-2004-x64

1

goodbyedpi...ry.cmd

windows7-x64

1

goodbyedpi...ry.cmd

windows10-2004-x64

1

goodbyedpi...ir.cmd

windows7-x64

1

goodbyedpi...ir.cmd

windows10-2004-x64

1

goodbyedpi...st.cmd

windows7-x64

1

goodbyedpi...st.cmd

windows10-2004-x64

1

goodbyedpi...ir.cmd

windows7-x64

1

goodbyedpi...ir.cmd

windows10-2004-x64

1

goodbyedpi...ve.cmd

windows7-x64

1

goodbyedpi...ve.cmd

windows10-2004-x64

1

goodbyedpi...rt.dll

windows7-x64

3

goodbyedpi...rt.dll

windows10-2004-x64

3

goodbyedpi...32.sys

windows7-x64

1

goodbyedpi...32.sys

windows10-2004-x64

1

goodbyedpi...64.sys

windows7-x64

1

goodbyedpi...64.sys

windows10-2004-x64

1

goodbyedpi...pi.exe

windows7-x64

1

goodbyedpi...pi.exe

windows10-2004-x64

3

goodbyedpi...rt.dll

windows7-x64

1

goodbyedpi...rt.dll

windows10-2004-x64

1

goodbyedpi...64.sys

windows7-x64

1

goodbyedpi...64.sys

windows10-2004-x64

1

goodbyedpi...pi.exe

windows7-x64

1

goodbyedpi...pi.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    104s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250313-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/03/2025, 05:08 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    goodbyedpi-0.2.2/x86/WinDivert32.sys

  • Size

    42KB

  • MD5

    067f9a24d630670f543d95a98cc199df

  • SHA1

    55695beff89f396679ac69cbf784a492d1b54e5d

  • SHA256

    b2ef49a10d07df6db483e86516d2dfaaaa2f30f4a93dd152fa85f09f891cd049

  • SHA512

    045de3d5ad262e34a42007c623f4f4b5dc0a9cf9d266a31095a274924e6b9f9165bdb5d96c95ca7107fee70b2a9f538b92e4d07faa88a94e2ef313e61eda9697

  • SSDEEP

    768:uph25O0qJS/ozwm+0l3qwO1XjtvD5dhl3yk:uph2I0eV1pl8Xx99Ck

Score
1/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\goodbyedpi-0.2.2\x86\WinDivert32.sys
    1⤵
      PID:1844
      • C:\Users\Admin\AppData\Local\Temp\goodbyedpi-0.2.2\x86\WinDivert32.sys
        C:\Users\Admin\AppData\Local\Temp\goodbyedpi-0.2.2\x86\WinDivert32.sys
        2⤵
          PID:5516

      Network

      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
        Response
        g.bing.com
        IN CNAME
        g-bing-com.ax-0001.ax-msedge.net
        g-bing-com.ax-0001.ax-msedge.net
        IN CNAME
        ax-0001.ax-msedge.net
        ax-0001.ax-msedge.net
        IN A
        150.171.28.10
        ax-0001.ax-msedge.net
        IN A
        150.171.27.10
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=658b3112fd6e4648bd1e567d9dd31c12&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid=
        Remote address:
        150.171.28.10:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=658b3112fd6e4648bd1e567d9dd31c12&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MUID=036F67DE12F067823BF37265131066AA; domain=.bing.com; expires=Mon, 20-Apr-2026 05:08:30 GMT; path=/; SameSite=None; Secure; Priority=High;
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: E1AA0671F6234F4EA4CC5C0241B3C34E Ref B: LON04EDGE1021 Ref C: 2025-03-26T05:08:30Z
        date: Wed, 26 Mar 2025 05:08:30 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=658b3112fd6e4648bd1e567d9dd31c12&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid=
        Remote address:
        150.171.28.10:443
        Request
        GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=658b3112fd6e4648bd1e567d9dd31c12&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=036F67DE12F067823BF37265131066AA
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MSPTC=Euvq5MXecimV4TutQTlNziLJcHF9TmSCSxBq7lODbjo; domain=.bing.com; expires=Mon, 20-Apr-2026 05:08:30 GMT; path=/; Partitioned; secure; SameSite=None
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 43D29A8A707D4F97A67BF3EE9B84D94D Ref B: LON04EDGE1021 Ref C: 2025-03-26T05:08:30Z
        date: Wed, 26 Mar 2025 05:08:30 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=658b3112fd6e4648bd1e567d9dd31c12&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid=
        Remote address:
        150.171.28.10:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=658b3112fd6e4648bd1e567d9dd31c12&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=036F67DE12F067823BF37265131066AA; MSPTC=Euvq5MXecimV4TutQTlNziLJcHF9TmSCSxBq7lODbjo
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: C831D7A859A7441BA21CD656DB62CFC8 Ref B: LON04EDGE1021 Ref C: 2025-03-26T05:08:30Z
        date: Wed, 26 Mar 2025 05:08:30 GMT
      • flag-us
        DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
        Response
        tse1.mm.bing.net
        IN CNAME
        mm-mm.bing.net.trafficmanager.net
        mm-mm.bing.net.trafficmanager.net
        IN CNAME
        ax-0001.ax-msedge.net
        ax-0001.ax-msedge.net
        IN A
        150.171.28.10
        ax-0001.ax-msedge.net
        IN A
        150.171.27.10
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301723_1VP0V0AJHJH9BAT7S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        Remote address:
        150.171.28.10:443
        Request
        GET /th?id=OADD2.10239317301723_1VP0V0AJHJH9BAT7S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 725858
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 8F152492274A48519C05DBC97698ED4C Ref B: LON04EDGE1210 Ref C: 2025-03-26T05:09:05Z
        date: Wed, 26 Mar 2025 05:09:04 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239357290388_16CMXFO1MXGSZHTL5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        Remote address:
        150.171.28.10:443
        Request
        GET /th?id=OADD2.10239357290388_16CMXFO1MXGSZHTL5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 859811
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 7CD3C4CFFE81410FA951EFF591DCA0F5 Ref B: LON04EDGE1210 Ref C: 2025-03-26T05:09:05Z
        date: Wed, 26 Mar 2025 05:09:04 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301314_15NH4Q4MRESFVC85L&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        Remote address:
        150.171.28.10:443
        Request
        GET /th?id=OADD2.10239317301314_15NH4Q4MRESFVC85L&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 308655
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 233D228698FC4B259B94D604D17DDD4B Ref B: LON04EDGE1210 Ref C: 2025-03-26T05:09:05Z
        date: Wed, 26 Mar 2025 05:09:04 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239360526658_1O3WYEZK6VX7G9BK6&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        Remote address:
        150.171.28.10:443
        Request
        GET /th?id=OADD2.10239360526658_1O3WYEZK6VX7G9BK6&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 550329
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: B93B52E3A5FD4B05ACF12BEEC8210812 Ref B: LON04EDGE1210 Ref C: 2025-03-26T05:09:05Z
        date: Wed, 26 Mar 2025 05:09:04 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239357290389_1WHXB2JL6W3CH3HF1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        Remote address:
        150.171.28.10:443
        Request
        GET /th?id=OADD2.10239357290389_1WHXB2JL6W3CH3HF1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 397494
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: C9F6B46AF4394D66B7EE047B5751C46F Ref B: LON04EDGE1210 Ref C: 2025-03-26T05:09:05Z
        date: Wed, 26 Mar 2025 05:09:04 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239360526659_1DEB5NSYP58G2E8T3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        Remote address:
        150.171.28.10:443
        Request
        GET /th?id=OADD2.10239360526659_1DEB5NSYP58G2E8T3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 586035
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 067579DA07A34C97A3A670BFFC616E4A Ref B: LON04EDGE1210 Ref C: 2025-03-26T05:09:06Z
        date: Wed, 26 Mar 2025 05:09:05 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301723_1VP0V0AJHJH9BAT7S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        Remote address:
        150.171.28.10:443
        Request
        GET /th?id=OADD2.10239317301723_1VP0V0AJHJH9BAT7S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239357290389_1WHXB2JL6W3CH3HF1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        Remote address:
        150.171.28.10:443
        Request
        GET /th?id=OADD2.10239357290389_1WHXB2JL6W3CH3HF1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239357290388_16CMXFO1MXGSZHTL5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        Remote address:
        150.171.28.10:443
        Request
        GET /th?id=OADD2.10239357290388_16CMXFO1MXGSZHTL5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301314_15NH4Q4MRESFVC85L&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        Remote address:
        150.171.28.10:443
        Request
        GET /th?id=OADD2.10239317301314_15NH4Q4MRESFVC85L&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239360526658_1O3WYEZK6VX7G9BK6&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        Remote address:
        150.171.28.10:443
        Request
        GET /th?id=OADD2.10239360526658_1O3WYEZK6VX7G9BK6&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      • flag-us
        DNS
        c.pki.goog
        Remote address:
        8.8.8.8:53
        Request
        c.pki.goog
        IN A
        Response
        c.pki.goog
        IN CNAME
        pki-goog.l.google.com
        pki-goog.l.google.com
        IN A
        142.250.180.3
      • flag-gb
        GET
        http://c.pki.goog/r/r1.crl
        Remote address:
        142.250.180.3:80
        Request
        GET /r/r1.crl HTTP/1.1
        Cache-Control: max-age = 3000
        Connection: Keep-Alive
        Accept: */*
        If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
        User-Agent: Microsoft-CryptoAPI/10.0
        Host: c.pki.goog
        Response
        HTTP/1.1 304 Not Modified
        Date: Wed, 26 Mar 2025 04:59:52 GMT
        Expires: Wed, 26 Mar 2025 05:49:52 GMT
        Age: 579
        Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
        Cache-Control: public, max-age=3000
        Vary: Accept-Encoding
      • 150.171.28.10:443
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=658b3112fd6e4648bd1e567d9dd31c12&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid=
        tls, http2
        2.0kB
         9.4kB
         21
        19

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=658b3112fd6e4648bd1e567d9dd31c12&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=658b3112fd6e4648bd1e567d9dd31c12&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=658b3112fd6e4648bd1e567d9dd31c12&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid=

        HTTP Response

        204
      • 150.171.28.10:443
        https://tse1.mm.bing.net/th?id=OADD2.10239360526659_1DEB5NSYP58G2E8T3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        tls, http2
        123.1kB
         3.6MB
         2585
        2578

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301723_1VP0V0AJHJH9BAT7S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239357290388_16CMXFO1MXGSZHTL5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301314_15NH4Q4MRESFVC85L&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239360526658_1O3WYEZK6VX7G9BK6&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239357290389_1WHXB2JL6W3CH3HF1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

        HTTP Response

        200

        HTTP Response

        200

        HTTP Response

        200

        HTTP Response

        200

        HTTP Response

        200

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239360526659_1DEB5NSYP58G2E8T3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

        HTTP Response

        200
      • 150.171.28.10:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
         6.9kB
         15
        12
      • 150.171.28.10:443
        https://tse1.mm.bing.net/th?id=OADD2.10239360526658_1O3WYEZK6VX7G9BK6&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        tls, http2
        1.8kB
         6.5kB
         15
        14

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301723_1VP0V0AJHJH9BAT7S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239357290389_1WHXB2JL6W3CH3HF1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239357290388_16CMXFO1MXGSZHTL5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301314_15NH4Q4MRESFVC85L&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239360526658_1O3WYEZK6VX7G9BK6&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      • 150.171.28.10:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
         6.9kB
         15
        12
      • 150.171.28.10:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
         6.9kB
         15
        13
      • 142.250.180.3:80
        http://c.pki.goog/r/r1.crl
        http
        476 B
         394 B
         6
        4

        HTTP Request

        GET http://c.pki.goog/r/r1.crl

        HTTP Response

        304
      • 8.8.8.8:53
        g.bing.com
        dns
        56 B
         148 B
         1
        1

        DNS Request

        g.bing.com

        DNS Response

        150.171.28.10
        150.171.27.10

      • 8.8.8.8:53
        tse1.mm.bing.net
        dns
        62 B
         170 B
         1
        1

        DNS Request

        tse1.mm.bing.net

        DNS Response

        150.171.28.10
        150.171.27.10

      • 8.8.8.8:53
        c.pki.goog
        dns
        56 B
         107 B
         1
        1

        DNS Request

        c.pki.goog

        DNS Response

        142.250.180.3

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/5516-0-0x0000000000010000-0x000000000001B000-memory.dmp

        Filesize

        44KB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.