Analysis

  • max time kernel
    299s
  • max time network
    292s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22/11/2023, 07:47 UTC

General

  • Target

    http://www.googleadservices.com/pagead/ar-adview/?nrh={""aggregation_keys"":{""1"":""0x7f7e13629199e19a0000000000000000"",""2"":""0xf6a1a643767be46b0000000000000000"",""3"":""0x678b78e69183430a0000000000000000"",""4"":""0xadb6d86d863c6dfe0000000000000000"",""5"":""0x1e7e3af68720c9260000000000000000""},""debug_key"":""16389241126396200640"",""debug_reporting"":true,""destination"":""https://getquickmanuals.com"",""event_report_window"":""259200"",""expiry"":""2592000"",""filter_data"":{""2"":[""706613350""],""4"":[""11-20""],""6"":[""true""]},""priority"":""500"",""source_event_id"":""12894366659002393633""}&andc=true
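
    The target above is a Google ads "ar-adview" URL whose nrh parameter carries an Attribution Reporting API source registration; the Network section of this report shows the server returning that same JSON in its Attribution-Reporting-Register-Source header, with the conversion destination set to https://getquickmanuals.com. The script below is an added example written for this report (not tria.ge or Google code) that pulls the registration out of such a URL, tolerates the doubled quotes present in this submission (CSV-style escaping, which makes the JSON invalid as submitted), and checks that the header value echoes the request. The sample URL and header value are constructed from the target on this page, shortened to two aggregation keys.

```python
"""Decode the Attribution Reporting source registration carried by the
submitted googleadservices.com URL.

Added example for this report; not code from tria.ge or Google. It assumes
what the Network section of this page shows: the JSON in the `nrh` query
parameter comes back verbatim in the Attribution-Reporting-Register-Source
response header.
"""
import json
from urllib.parse import parse_qs, urlsplit

# Constructed from the target URL on this page, with three of the five
# aggregation keys and the filter_data object dropped for brevity. The doubled
# quotes ("" ... "") are kept exactly as they appear in the submission.
SAMPLE_URL = (
    'http://www.googleadservices.com/pagead/ar-adview/?nrh='
    '{""aggregation_keys"":{""1"":""0x7f7e13629199e19a0000000000000000"",'
    '""2"":""0xf6a1a643767be46b0000000000000000""},'
    '""debug_key"":""16389241126396200640"",""debug_reporting"":true,'
    '""destination"":""https://getquickmanuals.com"",'
    '""event_report_window"":""259200"",""expiry"":""2592000"",'
    '""priority"":""500"",""source_event_id"":""12894366659002393633""}'
    '&andc=true'
)

# Constructed: the Attribution-Reporting-Register-Source header value the
# response on this page would carry for SAMPLE_URL (same JSON as nrh).
SAMPLE_HEADER_VALUE = (
    '{""aggregation_keys"":{""1"":""0x7f7e13629199e19a0000000000000000"",'
    '""2"":""0xf6a1a643767be46b0000000000000000""},'
    '""debug_key"":""16389241126396200640"",""debug_reporting"":true,'
    '""destination"":""https://getquickmanuals.com"",'
    '""event_report_window"":""259200"",""expiry"":""2592000"",'
    '""priority"":""500"",""source_event_id"":""12894366659002393633""}'
)


def extract_nrh(url: str) -> str:
    """Return the percent-decoded `nrh` query parameter, or raise ValueError."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if "nrh" not in params:
        raise ValueError("URL carries no nrh parameter")
    return params["nrh"][0]


def parse_registration(text: str) -> dict:
    """Parse the registration JSON.

    The copy on this page has every quote doubled (CSV-style escaping), which
    is not valid JSON. Strict parsing is tried first; only when it fails are
    the doubled quotes collapsed. Caveat: a genuinely empty string value
    would be mangled by the fallback, which is why strict parsing comes first.
    """
    try:
        return json.loads(text)
    except json.JSONDecodeError:
        return json.loads(text.replace('""', '"'))


def summarize(url: str) -> dict:
    """Pull the fields an analyst cares about out of the source registration."""
    reg = parse_registration(extract_nrh(url))
    return {
        "destination": reg["destination"],
        "source_event_id": reg["source_event_id"],
        "debug_reporting": bool(reg.get("debug_reporting", False)),
        "expiry_days": int(reg["expiry"]) / 86400,
        "report_window_days": int(reg["event_report_window"]) / 86400,
        "aggregation_keys": sorted(reg.get("aggregation_keys", {})),
    }


def header_echoes_request(url: str, header_value: str) -> bool:
    """True when the response header registers exactly what the URL asked for."""
    return parse_registration(extract_nrh(url)) == parse_registration(header_value)


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_URL), indent=2))
    print("header echoes nrh:", header_echoes_request(SAMPLE_URL, SAMPLE_HEADER_VALUE))
```

    For the URL on this page the summary resolves to a 30-day expiry, a 3-day event report window and destination https://getquickmanuals.com, which is the domain an analyst would pivot on; the 1/10 score is consistent with Chrome doing nothing beyond fetching the registration endpoint.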

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.googleadservices.com/pagead/ar-adview/?nrh={""aggregation_keys"":{""1"":""0x7f7e13629199e19a0000000000000000"",""2"":""0xf6a1a643767be46b0000000000000000"",""3"":""0x678b78e69183430a0000000000000000"",""4"":""0xadb6d86d863c6dfe0000000000000000"",""5"":""0x1e7e3af68720c9260000000000000000""},""debug_key"":""16389241126396200640"",""debug_reporting"":true,""destination"":""https://getquickmanuals.com"",""event_report_window"":""259200"",""expiry"":""2592000"",""filter_data"":{""2"":[""706613350""],""4"":[""11-20""],""6"":[""true""]},""priority"":""500"",""source_event_id"":""12894366659002393633""}&andc=true
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4052
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe60a9758,0x7ffbe60a9768,0x7ffbe60a9778
      2⤵
        PID:1956
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1884,i,12994207786630522613,14270436964717551489,131072 /prefetch:2
        2⤵
          PID:2316
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1884,i,12994207786630522613,14270436964717551489,131072 /prefetch:8
          2⤵
            PID:4956
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1884,i,12994207786630522613,14270436964717551489,131072 /prefetch:8
            2⤵
              PID:1068
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1884,i,12994207786630522613,14270436964717551489,131072 /prefetch:1
              2⤵
                PID:644
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2924 --field-trial-handle=1884,i,12994207786630522613,14270436964717551489,131072 /prefetch:1
                2⤵
                  PID:3120
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4332 --field-trial-handle=1884,i,12994207786630522613,14270436964717551489,131072 /prefetch:8
                  2⤵
                    PID:1500
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1884,i,12994207786630522613,14270436964717551489,131072 /prefetch:8
                    2⤵
                      PID:1624
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4504 --field-trial-handle=1884,i,12994207786630522613,14270436964717551489,131072 /prefetch:1
                      2⤵
                        PID:4548
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1000 --field-trial-handle=1884,i,12994207786630522613,14270436964717551489,131072 /prefetch:2
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:1464
                    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                      1⤵
                        PID:4784

                      Network

                      • flag-us
                        DNS
                        22.160.190.20.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        22.160.190.20.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        95.221.229.192.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        95.221.229.192.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        9.228.82.20.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        9.228.82.20.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        146.78.124.51.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        146.78.124.51.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        122.175.53.84.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        122.175.53.84.in-addr.arpa
                        IN PTR
                        Response
                        122.175.53.84.in-addr.arpa
                        IN PTR
                         a84-53-175-122.deploy.static.akamaitechnologies.com
                      • flag-nl
                        GET
                        http://www.googleadservices.com/pagead/ar-adview/?nrh={%22%22aggregation_keys%22%22:{%22%221%22%22:%22%220x7f7e13629199e19a0000000000000000%22%22,%22%222%22%22:%22%220xf6a1a643767be46b0000000000000000%22%22,%22%223%22%22:%22%220x678b78e69183430a0000000000000000%22%22,%22%224%22%22:%22%220xadb6d86d863c6dfe0000000000000000%22%22,%22%225%22%22:%22%220x1e7e3af68720c9260000000000000000%22%22},%22%22debug_key%22%22:%22%2216389241126396200640%22%22,%22%22debug_reporting%22%22:true,%22%22destination%22%22:%22%22https://getquickmanuals.com%22%22,%22%22event_report_window%22%22:%22%22259200%22%22,%22%22expiry%22%22:%22%222592000%22%22,%22%22filter_data%22%22:{%22%222%22%22:[%22%22706613350%22%22],%22%224%22%22:[%22%2211-20%22%22],%22%226%22%22:[%22%22true%22%22]},%22%22priority%22%22:%22%22500%22%22,%22%22source_event_id%22%22:%22%2212894366659002393633%22%22}&andc=true
                        chrome.exe
                        Remote address:
                        172.217.168.194:80
                        Request
                        GET /pagead/ar-adview/?nrh={%22%22aggregation_keys%22%22:{%22%221%22%22:%22%220x7f7e13629199e19a0000000000000000%22%22,%22%222%22%22:%22%220xf6a1a643767be46b0000000000000000%22%22,%22%223%22%22:%22%220x678b78e69183430a0000000000000000%22%22,%22%224%22%22:%22%220xadb6d86d863c6dfe0000000000000000%22%22,%22%225%22%22:%22%220x1e7e3af68720c9260000000000000000%22%22},%22%22debug_key%22%22:%22%2216389241126396200640%22%22,%22%22debug_reporting%22%22:true,%22%22destination%22%22:%22%22https://getquickmanuals.com%22%22,%22%22event_report_window%22%22:%22%22259200%22%22,%22%22expiry%22%22:%22%222592000%22%22,%22%22filter_data%22%22:{%22%222%22%22:[%22%22706613350%22%22],%22%224%22%22:[%22%2211-20%22%22],%22%226%22%22:[%22%22true%22%22]},%22%22priority%22%22:%22%22500%22%22,%22%22source_event_id%22%22:%22%2212894366659002393633%22%22}&andc=true HTTP/1.1
                        Host: www.googleadservices.com
                        Connection: keep-alive
                        Upgrade-Insecure-Requests: 1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                        Accept-Encoding: gzip, deflate
                        Accept-Language: en-US,en;q=0.9
                        Response
                        HTTP/1.1 200 OK
                        P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
                        Timing-Allow-Origin: *
                        Cross-Origin-Resource-Policy: cross-origin
                        Attribution-Reporting-Register-Source: {""aggregation_keys"":{""1"":""0x7f7e13629199e19a0000000000000000"",""2"":""0xf6a1a643767be46b0000000000000000"",""3"":""0x678b78e69183430a0000000000000000"",""4"":""0xadb6d86d863c6dfe0000000000000000"",""5"":""0x1e7e3af68720c9260000000000000000""},""debug_key"":""16389241126396200640"",""debug_reporting"":true,""destination"":""https://getquickmanuals.com"",""event_report_window"":""259200"",""expiry"":""2592000"",""filter_data"":{""2"":[""706613350""],""4"":[""11-20""],""6"":[""true""]},""priority"":""500"",""source_event_id"":""12894366659002393633""}
                        Content-Type: text/css; charset=UTF-8
                        X-Content-Type-Options: nosniff
                        Date: Wed, 22 Nov 2023 07:47:53 GMT
                        Server: cafe
                        Content-Length: 0
                        X-XSS-Protection: 0
                        Set-Cookie: ar_debug=1; expires=Tue, 20-Feb-2024 07:47:53 GMT; path=/; domain=googleadservices.com; Secure; HttpOnly; SameSite=none
                        Expires: Wed, 22 Nov 2023 07:47:53 GMT
                        Cache-Control: private
                      • flag-nl
                        GET
                        http://www.googleadservices.com/favicon.ico
                        chrome.exe
                        Remote address:
                        172.217.168.194:80
                        Request
                        GET /favicon.ico HTTP/1.1
                        Host: www.googleadservices.com
                        Connection: keep-alive
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                        Referer: http://www.googleadservices.com/pagead/ar-adview/?nrh={%22%22aggregation_keys%22%22:{%22%221%22%22:%22%220x7f7e13629199e19a0000000000000000%22%22,%22%222%22%22:%22%220xf6a1a643767be46b0000000000000000%22%22,%22%223%22%22:%22%220x678b78e69183430a0000000000000000%22%22,%22%224%22%22:%22%220xadb6d86d863c6dfe0000000000000000%22%22,%22%225%22%22:%22%220x1e7e3af68720c9260000000000000000%22%22},%22%22debug_key%22%22:%22%2216389241126396200640%22%22,%22%22debug_reporting%22%22:true,%22%22destination%22%22:%22%22https://getquickmanuals.com%22%22,%22%22event_report_window%22%22:%22%22259200%22%22,%22%22expiry%22%22:%22%222592000%22%22,%22%22filter_data%22%22:{%22%222%22%22:[%22%22706613350%22%22],%22%224%22%22:[%22%2211-20%22%22],%22%226%22%22:[%22%22true%22%22]},%22%22priority%22%22:%22%22500%22%22,%22%22source_event_id%22%22:%22%2212894366659002393633%22%22}&andc=true
                        Accept-Encoding: gzip, deflate
                        Accept-Language: en-US,en;q=0.9
                        Response
                        HTTP/1.1 404 Not Found
                        Cross-Origin-Resource-Policy: cross-origin
                        Content-Type: text/html; charset=UTF-8
                        X-Content-Type-Options: nosniff
                        Date: Wed, 22 Nov 2023 07:47:54 GMT
                        Server: sffe
                        Content-Length: 1572
                        X-XSS-Protection: 0
                      • flag-us
                        DNS
                        194.168.217.172.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        194.168.217.172.in-addr.arpa
                        IN PTR
                        Response
                        194.168.217.172.in-addr.arpa
                        IN PTR
                         ams16s32-in-f2.1e100.net
                      • flag-us
                        DNS
                        39.142.81.104.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        39.142.81.104.in-addr.arpa
                        IN PTR
                        Response
                        39.142.81.104.in-addr.arpa
                        IN PTR
                         a104-81-142-39.deploy.static.akamaitechnologies.com
                      • flag-us
                        DNS
                        2.136.104.51.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        2.136.104.51.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        57.169.31.20.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        57.169.31.20.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        157.123.68.40.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        157.123.68.40.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        18.31.95.13.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        18.31.95.13.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        1.208.79.178.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        1.208.79.178.in-addr.arpa
                        IN PTR
                        Response
                        1.208.79.178.in-addr.arpa
                        IN PTR
                         https-178-79-208-1.ams.llnw.net
                      • flag-us
                        DNS
                        55.36.223.20.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        55.36.223.20.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        tse1.mm.bing.net
                        Remote address:
                        8.8.8.8:53
                        Request
                        tse1.mm.bing.net
                        IN A
                        Response
                        tse1.mm.bing.net
                        IN CNAME
                        mm-mm.bing.net.trafficmanager.net
                        mm-mm.bing.net.trafficmanager.net
                        IN CNAME
                        dual-a-0001.a-msedge.net
                        dual-a-0001.a-msedge.net
                        IN A
                        204.79.197.200
                        dual-a-0001.a-msedge.net
                        IN A
                        13.107.21.200
                      • flag-us
                        GET
                        https://tse1.mm.bing.net/th?id=OADD2.10239317301571_1RETF70DD01UVNE0Z&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                        Remote address:
                        204.79.197.200:443
                        Request
                        GET /th?id=OADD2.10239317301571_1RETF70DD01UVNE0Z&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                        host: tse1.mm.bing.net
                        accept: */*
                        accept-encoding: gzip, deflate, br
                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                        Response
                        HTTP/2.0 200
                        cache-control: public, max-age=2592000
                        content-length: 312790
                        content-type: image/jpeg
                        x-cache: TCP_HIT
                        access-control-allow-origin: *
                        access-control-allow-headers: *
                        access-control-allow-methods: GET, POST, OPTIONS
                        timing-allow-origin: *
                        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                        x-msedge-ref: Ref A: 698A4003AC42414F8B7C12FB5D18ACA5 Ref B: DUS30EDGE0912 Ref C: 2023-11-22T07:48:37Z
                        date: Wed, 22 Nov 2023 07:48:37 GMT
                      • flag-us
                        GET
                        https://tse1.mm.bing.net/th?id=OADD2.10239317301544_150BJDG31FJ0ZNF34&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                        Remote address:
                        204.79.197.200:443
                        Request
                        GET /th?id=OADD2.10239317301544_150BJDG31FJ0ZNF34&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                        host: tse1.mm.bing.net
                        accept: */*
                        accept-encoding: gzip, deflate, br
                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                        Response
                        HTTP/2.0 200
                        cache-control: public, max-age=2592000
                        content-length: 440777
                        content-type: image/jpeg
                        x-cache: TCP_HIT
                        access-control-allow-origin: *
                        access-control-allow-headers: *
                        access-control-allow-methods: GET, POST, OPTIONS
                        timing-allow-origin: *
                        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                        x-msedge-ref: Ref A: 08770BC21810479F99EE12A7E1051742 Ref B: DUS30EDGE0912 Ref C: 2023-11-22T07:48:37Z
                        date: Wed, 22 Nov 2023 07:48:37 GMT
                      • flag-us
                        GET
                        https://tse1.mm.bing.net/th?id=OADD2.10239317301162_1G7DYX5FX2938M3TM&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                        Remote address:
                        204.79.197.200:443
                        Request
                        GET /th?id=OADD2.10239317301162_1G7DYX5FX2938M3TM&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                        host: tse1.mm.bing.net
                        accept: */*
                        accept-encoding: gzip, deflate, br
                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                        Response
                        HTTP/2.0 200
                        cache-control: public, max-age=2592000
                        content-length: 537105
                        content-type: image/jpeg
                        x-cache: TCP_HIT
                        access-control-allow-origin: *
                        access-control-allow-headers: *
                        access-control-allow-methods: GET, POST, OPTIONS
                        timing-allow-origin: *
                        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                        x-msedge-ref: Ref A: 8BF717B4614149E4BBA0564AD995A93C Ref B: DUS30EDGE0912 Ref C: 2023-11-22T07:48:37Z
                        date: Wed, 22 Nov 2023 07:48:37 GMT
                      • flag-us
                        GET
                        https://tse1.mm.bing.net/th?id=OADD2.10239317300971_1O5B0F861TRRZWX2T&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                        Remote address:
                        204.79.197.200:443
                        Request
                        GET /th?id=OADD2.10239317300971_1O5B0F861TRRZWX2T&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                        host: tse1.mm.bing.net
                        accept: */*
                        accept-encoding: gzip, deflate, br
                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                        Response
                        HTTP/2.0 200
                        cache-control: public, max-age=2592000
                        content-length: 780608
                        content-type: image/jpeg
                        x-cache: TCP_HIT
                        access-control-allow-origin: *
                        access-control-allow-headers: *
                        access-control-allow-methods: GET, POST, OPTIONS
                        timing-allow-origin: *
                        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                        x-msedge-ref: Ref A: E4E504E55CE6457EB3E24C8A376E28ED Ref B: DUS30EDGE0912 Ref C: 2023-11-22T07:48:37Z
                        date: Wed, 22 Nov 2023 07:48:37 GMT
                      • flag-us
                        GET
                        https://tse1.mm.bing.net/th?id=OADD2.10239317301111_1DKW3SIPELFG6R5I0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                        Remote address:
                        204.79.197.200:443
                        Request
                        GET /th?id=OADD2.10239317301111_1DKW3SIPELFG6R5I0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                        host: tse1.mm.bing.net
                        accept: */*
                        accept-encoding: gzip, deflate, br
                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                        Response
                        HTTP/2.0 200
                        cache-control: public, max-age=2592000
                        content-length: 298506
                        content-type: image/jpeg
                        x-cache: TCP_HIT
                        access-control-allow-origin: *
                        access-control-allow-headers: *
                        access-control-allow-methods: GET, POST, OPTIONS
                        timing-allow-origin: *
                        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                        x-msedge-ref: Ref A: 254EA6CD22D24C35BF8AB18A789754A6 Ref B: DUS30EDGE0912 Ref C: 2023-11-22T07:48:37Z
                        date: Wed, 22 Nov 2023 07:48:37 GMT
                      • flag-us
                        GET
                        https://tse1.mm.bing.net/th?id=OADD2.10239317301404_13LUGLF1IFM9LJZ63&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                        Remote address:
                        204.79.197.200:443
                        Request
                        GET /th?id=OADD2.10239317301404_13LUGLF1IFM9LJZ63&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                        host: tse1.mm.bing.net
                        accept: */*
                        accept-encoding: gzip, deflate, br
                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                        Response
                        HTTP/2.0 200
                        cache-control: public, max-age=2592000
                        content-length: 731540
                        content-type: image/jpeg
                        x-cache: TCP_HIT
                        access-control-allow-origin: *
                        access-control-allow-headers: *
                        access-control-allow-methods: GET, POST, OPTIONS
                        timing-allow-origin: *
                        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                        x-msedge-ref: Ref A: CA8354467CAA4F91AAABF7AFF0380853 Ref B: DUS30EDGE0912 Ref C: 2023-11-22T07:48:38Z
                        date: Wed, 22 Nov 2023 07:48:38 GMT
                      • flag-us
                        DNS
                        67.175.53.84.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        67.175.53.84.in-addr.arpa
                        IN PTR
                        Response
                        67.175.53.84.in-addr.arpa
                        IN PTR
                        a84-53-175-67.deploy.static.akamaitechnologies.com
                      • DNS
                        22.236.111.52.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        22.236.111.52.in-addr.arpa
                        IN PTR
                        Response
                      • DNS
                        beacons.gcp.gvt2.com
                        chrome.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        beacons.gcp.gvt2.com
                        IN A
                        Response
                        beacons.gcp.gvt2.com
                        IN CNAME
                        beacons-handoff.gcp.gvt2.com
                        beacons-handoff.gcp.gvt2.com
                        IN CNAME
                        gce-beacons.gcp.gvt2.com
                        gce-beacons.gcp.gvt2.com
                        IN A
                        35.186.203.75
                      • POST
                        https://beacons.gcp.gvt2.com/domainreliability/upload
                        chrome.exe
                        Remote address:
                        35.186.203.75:443
                        Request
                        POST /domainreliability/upload HTTP/2.0
                        host: beacons.gcp.gvt2.com
                        content-length: 284
                        content-type: application/json; charset=utf-8
                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                        accept-encoding: gzip, deflate, br
                        accept-language: en-US,en;q=0.9
                      • DNS
                        75.203.186.35.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        75.203.186.35.in-addr.arpa
                        IN PTR
                        Response
                        75.203.186.35.in-addr.arpa
                        IN PTR
                        75.203.186.35.bc.googleusercontent.com
                      • DNS
                        201.201.50.20.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        201.201.50.20.in-addr.arpa
                        IN PTR
                        Response
                      • 172.217.168.194:80
                        http://www.googleadservices.com/favicon.ico
                        http
                        chrome.exe
                        3.1kB
                        3.5kB
                        13
                        12

                        HTTP Request

                        GET http://www.googleadservices.com/pagead/ar-adview/?nrh={%22%22aggregation_keys%22%22:{%22%221%22%22:%22%220x7f7e13629199e19a0000000000000000%22%22,%22%222%22%22:%22%220xf6a1a643767be46b0000000000000000%22%22,%22%223%22%22:%22%220x678b78e69183430a0000000000000000%22%22,%22%224%22%22:%22%220xadb6d86d863c6dfe0000000000000000%22%22,%22%225%22%22:%22%220x1e7e3af68720c9260000000000000000%22%22},%22%22debug_key%22%22:%22%2216389241126396200640%22%22,%22%22debug_reporting%22%22:true,%22%22destination%22%22:%22%22https://getquickmanuals.com%22%22,%22%22event_report_window%22%22:%22%22259200%22%22,%22%22expiry%22%22:%22%222592000%22%22,%22%22filter_data%22%22:{%22%222%22%22:[%22%22706613350%22%22],%22%224%22%22:[%22%2211-20%22%22],%22%226%22%22:[%22%22true%22%22]},%22%22priority%22%22:%22%22500%22%22,%22%22source_event_id%22%22:%22%2212894366659002393633%22%22}&andc=true

                        HTTP Response

                        200

                        HTTP Request

                        GET http://www.googleadservices.com/favicon.ico

                        HTTP Response

                        404
                      • 172.217.168.194:80
                        www.googleadservices.com
                        chrome.exe
                        282 B
                        196 B
                        6
                        4
                      • 204.79.197.200:443
                        tse1.mm.bing.net
                        tls, http2
                        1.2kB
                        8.3kB
                        16
                        14
                      • 204.79.197.200:443
                        tse1.mm.bing.net
                        tls, http2
                        1.2kB
                        8.3kB
                        16
                        14
                      • 204.79.197.200:443
                        https://tse1.mm.bing.net/th?id=OADD2.10239317301404_13LUGLF1IFM9LJZ63&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                        tls, http2
                        108.2kB
                        3.2MB
                        2323
                        2321

                        HTTP Request

                        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301571_1RETF70DD01UVNE0Z&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                        HTTP Request

                        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301544_150BJDG31FJ0ZNF34&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                        HTTP Request

                        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301162_1G7DYX5FX2938M3TM&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                        HTTP Request

                        GET https://tse1.mm.bing.net/th?id=OADD2.10239317300971_1O5B0F861TRRZWX2T&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                        HTTP Response

                        200

                        HTTP Request

                        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301111_1DKW3SIPELFG6R5I0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                        HTTP Response

                        200

                        HTTP Response

                        200

                        HTTP Response

                        200

                        HTTP Response

                        200

                        HTTP Request

                        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301404_13LUGLF1IFM9LJZ63&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                        HTTP Response

                        200
                      • 204.79.197.200:443
                        tse1.mm.bing.net
                        tls, http2
                        1.2kB
                        8.3kB
                        16
                        14
                      • 35.186.203.75:443
                        https://beacons.gcp.gvt2.com/domainreliability/upload
                        tls, http2
                        chrome.exe
                        2.0kB
                        6.6kB
                        16
                        15

                        HTTP Request

                        POST https://beacons.gcp.gvt2.com/domainreliability/upload
                      • 8.8.8.8:53
                        22.160.190.20.in-addr.arpa
                        dns
                        72 B
                        158 B
                        1
                        1

                        DNS Request

                        22.160.190.20.in-addr.arpa

                      • 8.8.8.8:53
                        95.221.229.192.in-addr.arpa
                        dns
                        73 B
                        144 B
                        1
                        1

                        DNS Request

                        95.221.229.192.in-addr.arpa

                      • 8.8.8.8:53
                        9.228.82.20.in-addr.arpa
                        dns
                        70 B
                        156 B
                        1
                        1

                        DNS Request

                        9.228.82.20.in-addr.arpa

                      • 8.8.8.8:53
                        146.78.124.51.in-addr.arpa
                        dns
                        72 B
                        158 B
                        1
                        1

                        DNS Request

                        146.78.124.51.in-addr.arpa

                      • 8.8.8.8:53
                        122.175.53.84.in-addr.arpa
                        dns
                        72 B
                        137 B
                        1
                        1

                        DNS Request

                        122.175.53.84.in-addr.arpa

                      • 8.8.8.8:53
                        194.168.217.172.in-addr.arpa
                        dns
                        74 B
                        112 B
                        1
                        1

                        DNS Request

                        194.168.217.172.in-addr.arpa

                      • 8.8.8.8:53
                        39.142.81.104.in-addr.arpa
                        dns
                        72 B
                        137 B
                        1
                        1

                        DNS Request

                        39.142.81.104.in-addr.arpa

                      • 224.0.0.251:5353
                        chrome.exe
                        204 B
                        3
                      • 8.8.8.8:53
                        2.136.104.51.in-addr.arpa
                        dns
                        71 B
                        157 B
                        1
                        1

                        DNS Request

                        2.136.104.51.in-addr.arpa

                      • 8.8.8.8:53
                        57.169.31.20.in-addr.arpa
                        dns
                        71 B
                        157 B
                        1
                        1

                        DNS Request

                        57.169.31.20.in-addr.arpa

                      • 8.8.8.8:53
                        157.123.68.40.in-addr.arpa
                        dns
                        72 B
                        146 B
                        1
                        1

                        DNS Request

                        157.123.68.40.in-addr.arpa

                      • 8.8.8.8:53
                        18.31.95.13.in-addr.arpa
                        dns
                        70 B
                        144 B
                        1
                        1

                        DNS Request

                        18.31.95.13.in-addr.arpa

                      • 8.8.8.8:53
                        1.208.79.178.in-addr.arpa
                        dns
                        71 B
                        116 B
                        1
                        1

                        DNS Request

                        1.208.79.178.in-addr.arpa

                      • 8.8.8.8:53
                        55.36.223.20.in-addr.arpa
                        dns
                        71 B
                        157 B
                        1
                        1

                        DNS Request

                        55.36.223.20.in-addr.arpa

                      • 8.8.8.8:53
                        tse1.mm.bing.net
                        dns
                        62 B
                        173 B
                        1
                        1

                        DNS Request

                        tse1.mm.bing.net

                        DNS Response

                        204.79.197.200
                        13.107.21.200

                      • 8.8.8.8:53
                        67.175.53.84.in-addr.arpa
                        dns
                        71 B
                        135 B
                        1
                        1

                        DNS Request

                        67.175.53.84.in-addr.arpa

                      • 8.8.8.8:53
                        22.236.111.52.in-addr.arpa
                        dns
                        72 B
                        158 B
                        1
                        1

                        DNS Request

                        22.236.111.52.in-addr.arpa

                      • 8.8.8.8:53
                        beacons.gcp.gvt2.com
                        dns
                        chrome.exe
                        66 B
                        138 B
                        1
                        1

                        DNS Request

                        beacons.gcp.gvt2.com

                        DNS Response

                        35.186.203.75

                      • 8.8.8.8:53
                        75.203.186.35.in-addr.arpa
                        dns
                        72 B
                        124 B
                        1
                        1

                        DNS Request

                        75.203.186.35.in-addr.arpa

                      • 8.8.8.8:53
                        201.201.50.20.in-addr.arpa
                        dns
                        72 B
                        158 B
                        1
                        1

                        DNS Request

                        201.201.50.20.in-addr.arpa

                      MITRE ATT&CK Enterprise v15

                      Downloads

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                        Filesize

                        1KB

                        MD5

                        b812cb4088c345f81ef35cfef0758e11

                        SHA1

                        a0560c7c4b24aac2ad1e62011c2695f69d50706f

                        SHA256

                        97be5a79656fa7d262494613539fdb94549b7f51905ce8b23887a010303d3676

                        SHA512

                        c8d7ea79f20c7cb897177b65a7f6f11af8548797b668232c99ed3f69285432ae86b6d0975e81cf5ef37f2b415d4fc56d7416ecb4f06dc1250dfe29c46c758544

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                        Filesize

                        1KB

                        MD5

                        663b7f6c8605a02a0c4aa81f1cc19f3b

                        SHA1

                        f08902076123fe56af777cf7a36ea1b546e4d8a7

                        SHA256

                        595e9d0eb8e911a5890d1d1595b1b9a221722dd0e016e4902a5096e3e65453c3

                        SHA512

                        3a9e15ce77916ba06a362f2cbd142b47a20a84d61fe6f1bbd1f2909a85eff65c550714e57a68b0e91c6705ff0c5fbce5987da505ed8d9dcd1c1fc7d0433c366d

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                        Filesize

                        6KB

                        MD5

                        642f2d1c3f21ff90e03da155af882dad

                        SHA1

                        3975f2ef0a42aa89af8560343732bbf671cf4c23

                        SHA256

                        d9eb375731094a9ff0fce8fa2dc7aa8e20337e5ccd6469f966af74cb9cea652e

                        SHA512

                        abe869de6cb60694dfba3f20a29d45fb5f23f7ec8aaa0ed2dc51f87c2b92234b953864a3f5998db4a3badb99aaaa0e54f094fcf338a7c39e5da3ed43782da1e4

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                        Filesize

                        6KB

                        MD5

                        65a5f76080d677a7d1bd659ea8bf6028

                        SHA1

                        703dd42259e90ce57e6d9ec1c1aac95d1105f387

                        SHA256

                        1dfc24f3c57c8a985945a5ba93b4a8e4c0e1205d00c31b3c097d1fa2d4f2c446

                        SHA512

                        30b6a9d0a1569c8554bcfefde709ebd3dc9ef6dc39eaaf89f12869bc252e6b9bd8ce42c3c06d872cace0d16137bd40b6d3a4bf42ccfc2231a1e679d41090f9fb

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                        Filesize

                        109KB

                        MD5

                        704c6d233be4122160b82337517546dc

                        SHA1

                        672a624241c6fc79e64cac825d84177bce2649cf

                        SHA256

                        15bbcf3c83116ca7cd73ed0946c1c5ac590dc23169114526f3d862d2f51f0da6

                        SHA512

                        496e32c87e1bffa573f9b459974682912923de8bd0f47fbfcae66aae53f5b25e69401650af6a007e19508c2122c10ef1cfa0209a0143e0c2b4cbe30585dbee7b

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                        Filesize

                        2B

                        MD5

                        99914b932bd37a50b983c5e7c90ae93b

                        SHA1

                        bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                        SHA256

                        44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                        SHA512

                        27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
