Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

252605a327...18.exe

windows7-x64

3

252605a327...18.exe

windows10-2004-x64

3

$PLUGINSDI...64.dll

windows7-x64

3

$PLUGINSDI...64.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ew.dll

windows7-x64

3

$PLUGINSDI...ew.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$TEMP/KWMU...te.exe

windows7-x64

7

$TEMP/KWMU...te.exe

windows10-2004-x64

7

$PLUGINSDI...64.dll

windows7-x64

3

$PLUGINSDI...64.dll

windows10-2004-x64

3

$PLUGINSDI...ew.dll

windows7-x64

3

$PLUGINSDI...ew.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$TEMP/soba...wo.exe

windows7-x64

7

$TEMP/soba...wo.exe

windows10-2004-x64

1

$PROGRAM_F...er.exe

windows7-x64

1

$PROGRAM_F...er.exe

windows10-2004-x64

1

$PROGRAM_F...ar.dll

windows7-x64

7

$PROGRAM_F...ar.dll

windows10-2004-x64

7

$PROGRAM_F...rX.dll

windows7-x64

7

$PROGRAM_F...rX.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/07/2024, 07:41 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PROGRAM_FILES/Baidu/AddressBar.dll

  • Size

    1.1MB

  • MD5

    57d9f8b6e595ef4a02d8630c53fddcc3

  • SHA1

    523dedd35613dc3221657876a3f5248e38e2a842

  • SHA256

    c9a2b8ff0be921e2ac2ff6993f7fecc486b02969254884f89af3a19babfcf7e6

  • SHA512

    e95f144caa3bb636fd4a085a24a41d95ac6dae1c47d729400bb65a37527863b02b15e98cb62121f2155956f8a2b177f3b1a11d9ba08881858924d9bd75be985e

  • SSDEEP

    24576:ToJx/zjXPRxxgihJfn9svZw/UDkK4ac3tHtTKJZTXjSH/:ToH//nxzhlXtNTKJdXjSH/

Score
7/10
adwarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Modifies Internet Explorer settings 1 TTPs 23 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\$PROGRAM_FILES\Baidu\AddressBar.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2864
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\$PROGRAM_FILES\Baidu\AddressBar.dll
      2⤵
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:4180
      • C:\Users\Admin\AppData\Local\Temp\$PROGR~1\Baidu\{83164~1\ASBarBroker.exe
        "C:\Users\Admin\AppData\Local\Temp\$PROGR~1\Baidu\{83164~1\ASBarBroker.exe" -RegServer
        3⤵
        • Executes dropped EXE
        • Modifies Internet Explorer settings
        • Modifies registry class
        PID:2088

Network

  • flag-us
    DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.dual-a-0034.a-msedge.net
    g-bing-com.dual-a-0034.a-msedge.net
    IN CNAME
    dual-a-0034.a-msedge.net
    dual-a-0034.a-msedge.net
    IN A
    204.79.197.237
    dual-a-0034.a-msedge.net
    IN A
    13.107.21.237
  • flag-us
    GET
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De85xj2PJIa4eriqxVq5X3gZjVUCUwRzDXM_veOMB5wNmEKUnTbcCd4XnJRSLEVrB7046H_9qe1qWh1cj8P0Wl0T8cJLsmuHw28WeFnU25cue1fXDmLkGfOrGI12DVK1dNh-fkFtmjxDiPP1P3Zt87uI4A62fCD_71fRtPncfBM9Y0DCTeZ%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3Dbddb11a533bf19b537d677cd9bfe3333&TIME=20240611T194152Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De85xj2PJIa4eriqxVq5X3gZjVUCUwRzDXM_veOMB5wNmEKUnTbcCd4XnJRSLEVrB7046H_9qe1qWh1cj8P0Wl0T8cJLsmuHw28WeFnU25cue1fXDmLkGfOrGI12DVK1dNh-fkFtmjxDiPP1P3Zt87uI4A62fCD_71fRtPncfBM9Y0DCTeZ%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3Dbddb11a533bf19b537d677cd9bfe3333&TIME=20240611T194152Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=164AD8053F8F6FBB2062CCB73E6F6E80; domain=.bing.com; expires=Tue, 29-Jul-2025 07:41:51 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 5DCFD9EDF1684F31B887B14D95B0FC69 Ref B: LON04EDGE1017 Ref C: 2024-07-04T07:41:51Z
    date: Thu, 04 Jul 2024 07:41:50 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De85xj2PJIa4eriqxVq5X3gZjVUCUwRzDXM_veOMB5wNmEKUnTbcCd4XnJRSLEVrB7046H_9qe1qWh1cj8P0Wl0T8cJLsmuHw28WeFnU25cue1fXDmLkGfOrGI12DVK1dNh-fkFtmjxDiPP1P3Zt87uI4A62fCD_71fRtPncfBM9Y0DCTeZ%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3Dbddb11a533bf19b537d677cd9bfe3333&TIME=20240611T194152Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De85xj2PJIa4eriqxVq5X3gZjVUCUwRzDXM_veOMB5wNmEKUnTbcCd4XnJRSLEVrB7046H_9qe1qWh1cj8P0Wl0T8cJLsmuHw28WeFnU25cue1fXDmLkGfOrGI12DVK1dNh-fkFtmjxDiPP1P3Zt87uI4A62fCD_71fRtPncfBM9Y0DCTeZ%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3Dbddb11a533bf19b537d677cd9bfe3333&TIME=20240611T194152Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=164AD8053F8F6FBB2062CCB73E6F6E80; _EDGE_S=SID=3C8EDB3EBFC362503555CF8CBEE463BA
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=3rIeaVfQk3gs5TADDW1OsEQiRh851ws6vXH1iJg5ri0; domain=.bing.com; expires=Tue, 29-Jul-2025 07:41:53 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 17337CF692D94F6883B4D3E125CCDAD3 Ref B: LON04EDGE1017 Ref C: 2024-07-04T07:41:53Z
    date: Thu, 04 Jul 2024 07:41:52 GMT
  • flag-us
    DNS
    81.144.22.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    81.144.22.2.in-addr.arpa
    IN PTR
    Response
    81.144.22.2.in-addr.arpa
    IN PTR
    a2-22-144-81deploystaticakamaitechnologiescom
  • flag-us
    DNS
    237.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.197.79.204.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    68.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    68.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-gb
    GET
    https://www.bing.com/aes/c.gif?RG=60f2a049fe694027a8e62b31a29c0170&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T194152Z&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407
    Remote address:
    184.28.176.50:443
    Request
    GET /aes/c.gif?RG=60f2a049fe694027a8e62b31a29c0170&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T194152Z&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407 HTTP/2.0
    host: www.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=164AD8053F8F6FBB2062CCB73E6F6E80
    Response
    HTTP/2.0 200
    cache-control: private,no-store
    pragma: no-cache
    vary: Origin
    p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: A3DF101A2C61410E9C755AA1D47338AE Ref B: LON04EDGE0718 Ref C: 2024-07-04T07:41:53Z
    content-length: 0
    date: Thu, 04 Jul 2024 07:41:53 GMT
    set-cookie: _EDGE_S=SID=3C8EDB3EBFC362503555CF8CBEE463BA; path=/; httponly; domain=bing.com
    set-cookie: MUIDB=164AD8053F8F6FBB2062CCB73E6F6E80; path=/; httponly; expires=Tue, 29-Jul-2025 07:41:53 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.2eb01cb8.1720078912.25d55718
  • flag-us
    DNS
    50.176.28.184.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.176.28.184.in-addr.arpa
    IN PTR
    Response
    50.176.28.184.in-addr.arpa
    IN PTR
    a184-28-176-50deploystaticakamaitechnologiescom
  • flag-us
    DNS
    97.17.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.17.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    58.55.71.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.55.71.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    86.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    192.142.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    192.142.123.92.in-addr.arpa
    IN PTR
    Response
    192.142.123.92.in-addr.arpa
    IN PTR
    a92-123-142-192deploystaticakamaitechnologiescom
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317300988_17HJ37E2JP0ASFIUD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239317300988_17HJ37E2JP0ASFIUD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 781376
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 970513C2D33F4339B43619FD5791ED28 Ref B: LON04EDGE1122 Ref C: 2024-07-04T07:43:30Z
    date: Thu, 04 Jul 2024 07:43:29 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317300933_1BHZAO1SQN99WZXJ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239317300933_1BHZAO1SQN99WZXJ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 775238
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: E682998789D3403FB40229E5FD8BCBA5 Ref B: LON04EDGE1122 Ref C: 2024-07-04T07:43:30Z
    date: Thu, 04 Jul 2024 07:43:29 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301421_1O9QSVM80YG18KICT&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239317301421_1O9QSVM80YG18KICT&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 608981
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 7A1EF874E45841728D158E4B25281682 Ref B: LON04EDGE1122 Ref C: 2024-07-04T07:43:30Z
    date: Thu, 04 Jul 2024 07:43:29 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239359955652_1UH15L5Z2LXM3P8PA&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239359955652_1UH15L5Z2LXM3P8PA&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 591970
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 5070AA82DE064F25976E8B5D40F0A3C3 Ref B: LON04EDGE1122 Ref C: 2024-07-04T07:43:30Z
    date: Thu, 04 Jul 2024 07:43:29 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239359955653_16Q8BS61PKT108CUW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239359955653_16Q8BS61PKT108CUW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301366_1F7IE3E9ETFG8ONMF&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239317301366_1F7IE3E9ETFG8ONMF&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
  • flag-us
    DNS
    10.27.171.150.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    10.27.171.150.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    10.27.171.150.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    10.27.171.150.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    9.173.189.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.173.189.20.in-addr.arpa
    IN PTR
  • 204.79.197.237:443
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De85xj2PJIa4eriqxVq5X3gZjVUCUwRzDXM_veOMB5wNmEKUnTbcCd4XnJRSLEVrB7046H_9qe1qWh1cj8P0Wl0T8cJLsmuHw28WeFnU25cue1fXDmLkGfOrGI12DVK1dNh-fkFtmjxDiPP1P3Zt87uI4A62fCD_71fRtPncfBM9Y0DCTeZ%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3Dbddb11a533bf19b537d677cd9bfe3333&TIME=20240611T194152Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B
    tls, http2
    2.6kB
     9.6kB
     21
    18

    HTTP Request

    GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De85xj2PJIa4eriqxVq5X3gZjVUCUwRzDXM_veOMB5wNmEKUnTbcCd4XnJRSLEVrB7046H_9qe1qWh1cj8P0Wl0T8cJLsmuHw28WeFnU25cue1fXDmLkGfOrGI12DVK1dNh-fkFtmjxDiPP1P3Zt87uI4A62fCD_71fRtPncfBM9Y0DCTeZ%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3Dbddb11a533bf19b537d677cd9bfe3333&TIME=20240611T194152Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De85xj2PJIa4eriqxVq5X3gZjVUCUwRzDXM_veOMB5wNmEKUnTbcCd4XnJRSLEVrB7046H_9qe1qWh1cj8P0Wl0T8cJLsmuHw28WeFnU25cue1fXDmLkGfOrGI12DVK1dNh-fkFtmjxDiPP1P3Zt87uI4A62fCD_71fRtPncfBM9Y0DCTeZ%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3Dbddb11a533bf19b537d677cd9bfe3333&TIME=20240611T194152Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B

    HTTP Response

    204
  • 184.28.176.50:443
    https://www.bing.com/aes/c.gif?RG=60f2a049fe694027a8e62b31a29c0170&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T194152Z&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407
    tls, http2
    1.4kB
     5.3kB
     16
    13

    HTTP Request

    GET https://www.bing.com/aes/c.gif?RG=60f2a049fe694027a8e62b31a29c0170&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T194152Z&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407

    HTTP Response

    200
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.3kB
     7.4kB
     17
    14
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.4kB
     6.9kB
     16
    13
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     6.9kB
     15
    13
  • 150.171.27.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301366_1F7IE3E9ETFG8ONMF&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    77.0kB
     2.2MB
     1608
    1605

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317300988_17HJ37E2JP0ASFIUD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317300933_1BHZAO1SQN99WZXJ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301421_1O9QSVM80YG18KICT&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239359955652_1UH15L5Z2LXM3P8PA&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239359955653_16Q8BS61PKT108CUW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301366_1F7IE3E9ETFG8ONMF&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     8.3kB
     16
    14
  • 8.8.8.8:53
    104.219.191.52.in-addr.arpa
    dns
    219 B
     147 B
     3
    1

    DNS Request

    104.219.191.52.in-addr.arpa

    DNS Request

    104.219.191.52.in-addr.arpa

    DNS Request

    104.219.191.52.in-addr.arpa

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
     151 B
     1
    1

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.237
    13.107.21.237

  • 8.8.8.8:53
    81.144.22.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    81.144.22.2.in-addr.arpa

  • 8.8.8.8:53
    237.197.79.204.in-addr.arpa
    dns
    73 B
     143 B
     1
    1

    DNS Request

    237.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    68.159.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    68.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    50.176.28.184.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    50.176.28.184.in-addr.arpa

  • 8.8.8.8:53
    97.17.167.52.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    97.17.167.52.in-addr.arpa

  • 8.8.8.8:53
    58.55.71.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    58.55.71.13.in-addr.arpa

  • 8.8.8.8:53
    86.23.85.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    86.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    171.39.242.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    171.39.242.20.in-addr.arpa

  • 8.8.8.8:53
    192.142.123.92.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    192.142.123.92.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
     170 B
     1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    150.171.27.10
    150.171.28.10

  • 8.8.8.8:53
    10.27.171.150.in-addr.arpa
    dns
    144 B
     158 B
     2
    1

    DNS Request

    10.27.171.150.in-addr.arpa

    DNS Request

    10.27.171.150.in-addr.arpa

  • 8.8.8.8:53
    9.173.189.20.in-addr.arpa
    dns
    71 B
     1

    DNS Request

    9.173.189.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\$PROGRAM_FILES\Baidu\{83164193-93A3-4ECE-B554-F90E89C431CE}\AddressBar.dll
    Filesize

    1.1MB

    MD5

    57d9f8b6e595ef4a02d8630c53fddcc3

    SHA1

    523dedd35613dc3221657876a3f5248e38e2a842

    SHA256

    c9a2b8ff0be921e2ac2ff6993f7fecc486b02969254884f89af3a19babfcf7e6

    SHA512

    e95f144caa3bb636fd4a085a24a41d95ac6dae1c47d729400bb65a37527863b02b15e98cb62121f2155956f8a2b177f3b1a11d9ba08881858924d9bd75be985e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\$PROGR~1\Baidu\{83164~1\ASBarBroker.exe
    Filesize

    129KB

    MD5

    0ebf8f583abb1ffb40c07b87eae4edb3

    SHA1

    ef91b3245f426b86c2b69fd9678176d3be05c009

    SHA256

    00a481ef9985281177c1f6cc6d055c2bdb719db224637e7eb474a3eaab6305cf

    SHA512

    0bca7bc46019628149afb00cd69d26fd59195c4cbecbb472f9afabf73e8b3eb1da20fdaa4ef03c0776d11b5c8532d16b40a927e4b8b68640067c145cb7e463b4

    Download Submit

  • memory/4180-6-0x00000000032F0000-0x0000000003416000-memory.dmp

    Filesize

    1.1MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.