globeimposter | 570bdefc9c230fa190c9c16763c65ca7b3c488b4941919df6b356c85e8d4e8fc

Analysis

max time kernel
184s
max time network
192s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
11/02/2022, 06:54 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

570bdefc9c230fa190c9c16763c65ca7b3c488b4941919df6b356c85e8d4e8fc.exe
Size

55KB
MD5

edfbee8bcd1f618f35c1521e127cb9bf
SHA1

d7fb17f6a391d32def76af948f76d78303cf7d79
SHA256

570bdefc9c230fa190c9c16763c65ca7b3c488b4941919df6b356c85e8d4e8fc
SHA512

304aae85700d59dc56b407ea39d067311d48c4789a3dea190890dd210cd10009d4d2527e590caba60a6508d96cc02cac1d8543441a1db77dada2b8881da017ab

Score

10^/10

globeimposter persistence ransomware

Malware Config

Signatures

GlobeImposter
GlobeImposter is a ransomware first seen in 2017.
ransomware globeimposter

Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 3764 created 2368	3764	WerFault.exe	100

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce	570bdefc9c230fa190c9c16763c65ca7b3c488b4941919df6b356c85e8d4e8fc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\BrowserUpdateCheck = "C:\\Users\\Admin\\AppData\\Local\\570bdefc9c230fa190c9c16763c65ca7b3c488b4941919df6b356c85e8d4e8fc.exe"	570bdefc9c230fa190c9c16763c65ca7b3c488b4941919df6b356c85e8d4e8fc.exe

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File opened for modification	C:\Users\Public\Videos\desktop.ini	570bdefc9c230fa190c9c16763c65ca7b3c488b4941919df6b356c85e8d4e8fc.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	570bdefc9c230fa190c9c16763c65ca7b3c488b4941919df6b356c85e8d4e8fc.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	570bdefc9c230fa190c9c16763c65ca7b3c488b4941919df6b356c85e8d4e8fc.exe
File opened for modification	C:\Users\Public\Libraries\desktop.ini	570bdefc9c230fa190c9c16763c65ca7b3c488b4941919df6b356c85e8d4e8fc.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	570bdefc9c230fa190c9c16763c65ca7b3c488b4941919df6b356c85e8d4e8fc.exe
File opened for modification	C:\Users\Public\desktop.ini	570bdefc9c230fa190c9c16763c65ca7b3c488b4941919df6b356c85e8d4e8fc.exe
File opened for modification	C:\Users\Public\Downloads\desktop.ini	570bdefc9c230fa190c9c16763c65ca7b3c488b4941919df6b356c85e8d4e8fc.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	570bdefc9c230fa190c9c16763c65ca7b3c488b4941919df6b356c85e8d4e8fc.exe
File opened for modification	C:\Users\Public\AccountPictures\desktop.ini	570bdefc9c230fa190c9c16763c65ca7b3c488b4941919df6b356c85e8d4e8fc.exe

Drops file in Windows directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SoftwareDistribution\DataStore\DataStore.jfm	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\ReportingEvents.log	svchost.exe
File opened for modification	C:\Windows\WindowsUpdate.log	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\DataStore\Logs\edb.chk	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\DataStore\DataStore.edb	svchost.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4760	2368	WerFault.exe	100

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	SearchApp.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	SearchApp.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	svchost.exe

Modifies registry class 30 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings\MuiCache	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "140"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "1946"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\www.bing.com	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "173"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "1946"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "2258"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "2258"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "6112"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "140"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "140"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\bing.com	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "2258"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\Recognizers\\Tokens\\MS-1033-110-WINMO-DNN"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "173"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "173"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "6112"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "1946"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "6112"	SearchApp.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4760	WerFault.exe
4760	WerFault.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3348	svchost.exe
Token: SeCreatePagefilePrivilege	3348	svchost.exe
Token: SeShutdownPrivilege	3348	svchost.exe
Token: SeCreatePagefilePrivilege	3348	svchost.exe
Token: SeShutdownPrivilege	3348	svchost.exe
Token: SeCreatePagefilePrivilege	3348	svchost.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2368	SearchApp.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3764 wrote to memory of 2368	3764	WerFault.exe	100
PID 3764 wrote to memory of 2368	3764	WerFault.exe	100

C:\Users\Admin\AppData\Local\Temp\570bdefc9c230fa190c9c16763c65ca7b3c488b4941919df6b356c85e8d4e8fc.exe
"C:\Users\Admin\AppData\Local\Temp\570bdefc9c230fa190c9c16763c65ca7b3c488b4941919df6b356c85e8d4e8fc.exe"
1⤵
- Adds Run key to start application
- Drops desktop.ini file(s)
PID:4492

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3348

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2368
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2368 -s 4384
  2⤵
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  PID:4760

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
1⤵
- Modifies data under HKEY_USERS
PID:2972

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
1⤵
PID:2180

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 408 -p 2368 -ip 2368
1⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Suspicious use of WriteProcessMemory
PID:3764

Network

DNS

www.bing.com

SearchApp.exe

Remote address:

8.8.8.8:53

Request

www.bing.com

IN A

Response

www.bing.com

IN CNAME

a-0001.a-afdentry.net.trafficmanager.net

a-0001.a-afdentry.net.trafficmanager.net

IN CNAME

www-bing-com.dual-a-0001.a-msedge.net

www-bing-com.dual-a-0001.a-msedge.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://www.bing.com/rb/5q/cj,nj/fFSXkj1t_zfXRNULqSUNux82Lcw.js?bu=FMIkzCPzBdsj3SPfI-Ej7SPIJJckmQ2tJLMkzCTzBfMF5iCOJJUNjA0&or=w

SearchApp.exe

Remote address:

204.79.197.200:443

Request

GET /rb/5q/cj,nj/fFSXkj1t_zfXRNULqSUNux82Lcw.js?bu=FMIkzCPzBdsj3SPfI-Ej7SPIJJckmQ2tJLMkzCTzBfMF5iCOJJUNjA0&or=w HTTP/2.0
host: www.bing.com
referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
accept: */*
accept-language: en-US
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
if-modified-since: Wed, 26 Jan 2022 05:31:47 GMT
cookie: SRCHUID=V=2&GUID=3538640BC6DE4AE6BB56FF1309DEC2DB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20220113; SRCHHPGUSR=SRCHLANG=en&LUT=1643387473203&IPMH=a7099b27&IPMID=1643388133621; CortanaAppUID=AC132211E844C53C821E601A23766E16; MUID=0429C08E356E4A2E88C7FB04727339BA; MUIDB=0429C08E356E4A2E88C7FB04727339BA

Response

HTTP/2.0 304

cache-control: public, max-age=432000
content-type: application/x-javascript; charset=utf-8
content-encoding: br
last-modified: Tue, 04 Jan 2022 13:08:41 GMT
vary: Accept-Encoding
x-cache: TCP_HIT
server: Kestrel
access-control-allow-headers: *
access-control-allow-origin: *
x-snr-routing: 1
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingrms"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E5E2BA5D5D6A44CB88BA5579DC351F01 Ref B: AMBEDGE0709 Ref C: 2022-02-11T07:01:44Z
date: Fri, 11 Feb 2022 07:01:43 GMT
GET

https://www.bing.com/manifest/threshold.appcache

SearchApp.exe

Remote address:

204.79.197.200:443

Request

GET /manifest/threshold.appcache HTTP/2.0
host: www.bing.com
accept: */*
referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
origin: https://www.bing.com
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
cookie: SRCHUID=V=2&GUID=3538640BC6DE4AE6BB56FF1309DEC2DB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20220113; SRCHHPGUSR=SRCHLANG=en&LUT=1643387473203&IPMH=a7099b27&IPMID=1643388133621; CortanaAppUID=AC132211E844C53C821E601A23766E16; MUID=0429C08E356E4A2E88C7FB04727339BA; _SS=CPID=1644562900625&AC=1&CPH=f646109c; MUIDB=0429C08E356E4A2E88C7FB04727339BA

Response

HTTP/2.0 200

cache-control: public, max-age=432000
content-length: 8433
content-type: application/x-javascript; charset=utf-8
content-encoding: br
last-modified: Tue, 08 Feb 2022 04:58:55 GMT
vary: Accept-Encoding
x-cache: TCP_HIT
server: Kestrel
access-control-allow-headers: *
access-control-allow-origin: *
x-snr-routing: 1
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingrms"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DC038A9494FF4BE2BEB15BBC6BAF1F8B Ref B: AMBEDGE0709 Ref C: 2022-02-11T07:01:45Z
date: Fri, 11 Feb 2022 07:01:45 GMT
GET

https://www.bing.com/rb/17/cj,nj/X6j0qPgNij1n_IogMJrgYaT9Kp8.js?bu=Dh8oW2dqbWReYZwBnwEokQEo&or=w

SearchApp.exe

Remote address:

204.79.197.200:443

Request

GET /rb/17/cj,nj/X6j0qPgNij1n_IogMJrgYaT9Kp8.js?bu=Dh8oW2dqbWReYZwBnwEokQEo&or=w HTTP/2.0
host: www.bing.com
referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
accept: */*
accept-language: en-US
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
if-modified-since: Wed, 26 Jan 2022 05:31:36 GMT
cookie: SRCHUID=V=2&GUID=3538640BC6DE4AE6BB56FF1309DEC2DB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20220113; SRCHHPGUSR=SRCHLANG=en&LUT=1643387473203&IPMH=a7099b27&IPMID=1643388133621; CortanaAppUID=AC132211E844C53C821E601A23766E16; MUID=0429C08E356E4A2E88C7FB04727339BA; _SS=CPID=1644562900625&AC=1&CPH=f646109c; MUIDB=0429C08E356E4A2E88C7FB04727339BA

Response

HTTP/2.0 200

cache-control: private
content-length: 932
content-type: text/cache-manifest; charset=utf-8
content-encoding: br
vary: Accept-Encoding
p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
set-cookie: SUID=M; domain=.bing.com; expires=Sat, 12-Feb-2022 07:01:45 GMT; path=/; secure; HttpOnly; SameSite=None
set-cookie: _EDGE_S=SID=00C6F3EAE862686C0BD2E2A2E9266913; domain=.bing.com; path=/; HttpOnly
set-cookie: _SS=SID=00C6F3EAE862686C0BD2E2A2E9266913; domain=.bing.com; path=/; secure; SameSite=None
set-cookie: SRCHHPGUSR=SRCHLANG=en&LUT=1643387473203&IPMH=08ec2de4&IPMID=1644562900625; domain=.bing.com; expires=Sun, 11-Feb-2024 07:01:45 GMT; path=/; secure; SameSite=None
x-snr-routing: 1
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D892B6F36F8A45138231F9785A9134C6 Ref B: AMBEDGE0709 Ref C: 2022-02-11T07:01:45Z
date: Fri, 11 Feb 2022 07:01:45 GMT
POST

https://www.bing.com/threshold/xls.aspx

SearchApp.exe

Remote address:

204.79.197.200:443

Request

POST /threshold/xls.aspx HTTP/2.0
host: www.bing.com
origin: https://www.bing.com
referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
accept: */*
accept-language: en-US
content-type: text/xml
x-msedge-externalexp: d-thshld42,d-thshld77,eadqf-staagg2,msbwi20220124t
x-msedge-externalexptype: JointCoord
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
content-length: 1448
cache-control: no-cache
cookie: SRCHUID=V=2&GUID=3538640BC6DE4AE6BB56FF1309DEC2DB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20220113; SRCHHPGUSR=SRCHLANG=en&LUT=1643387473203&IPMH=a7099b27&IPMID=1643388133621; CortanaAppUID=AC132211E844C53C821E601A23766E16; MUID=0429C08E356E4A2E88C7FB04727339BA; _SS=CPID=1644562900625&AC=1&CPH=f646109c; MUIDB=0429C08E356E4A2E88C7FB04727339BA

Response

HTTP/2.0 204

access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2880393D8C9F4043AD900EAEBEC017A5 Ref B: AMBEDGE0709 Ref C: 2022-02-11T07:01:45Z
date: Fri, 11 Feb 2022 07:01:45 GMT
GET

https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init

SearchApp.exe

Remote address:

204.79.197.200:443

Request

GET /AS/API/WindowsCortanaPane/V2/Init HTTP/2.0
host: www.bing.com
accept: */*
referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
cookie: SRCHUID=V=2&GUID=3538640BC6DE4AE6BB56FF1309DEC2DB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20220113; SRCHHPGUSR=SRCHLANG=en&LUT=1643387473203&IPMH=08ec2de4&IPMID=1644562900625; CortanaAppUID=AC132211E844C53C821E601A23766E16; MUID=0429C08E356E4A2E88C7FB04727339BA; _SS=SID=00C6F3EAE862686C0BD2E2A2E9266913&CBV=26808833; SUID=M; _EDGE_S=SID=00C6F3EAE862686C0BD2E2A2E9266913; MUIDB=0429C08E356E4A2E88C7FB04727339BA

Response

HTTP/2.0 200

cache-control: private
content-length: 65401
content-type: text/html; charset=utf-8
content-encoding: br
vary: Accept-Encoding
p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
x-snr-routing: 1
x-ua-compatible: IE=edge
x-xss-protection: 0
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 325D67D0A3414AF2892823E88C7EA904 Ref B: AMBEDGE0709 Ref C: 2022-02-11T07:01:45Z
date: Fri, 11 Feb 2022 07:01:45 GMT
GET

https://www.bing.com/rb/1a/cir2,ortl,cc,nc/U006EeMfq1iK7IAAM8DJcfY519o.css?bu=B8EBPLgBaDs7xQE&or=w

SearchApp.exe

Remote address:

204.79.197.200:443

Request

GET /rb/1a/cir2,ortl,cc,nc/U006EeMfq1iK7IAAM8DJcfY519o.css?bu=B8EBPLgBaDs7xQE&or=w HTTP/2.0
host: www.bing.com
accept: */*
referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
cookie: SRCHUID=V=2&GUID=3538640BC6DE4AE6BB56FF1309DEC2DB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20220113; SRCHHPGUSR=SRCHLANG=en&LUT=1643387473203&IPMH=08ec2de4&IPMID=1644562900625; CortanaAppUID=AC132211E844C53C821E601A23766E16; MUID=0429C08E356E4A2E88C7FB04727339BA; _SS=SID=00C6F3EAE862686C0BD2E2A2E9266913&CBV=26808833; SUID=M; _EDGE_S=SID=00C6F3EAE862686C0BD2E2A2E9266913; MUIDB=0429C08E356E4A2E88C7FB04727339BA

Response

HTTP/2.0 200

cache-control: public, max-age=432000
content-length: 1579
content-type: text/css; charset=utf-8
content-encoding: br
last-modified: Tue, 08 Feb 2022 04:57:25 GMT
vary: Accept-Encoding
x-cache: TCP_HIT
server: Kestrel
access-control-allow-headers: *
access-control-allow-origin: *
x-snr-routing: 1
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingrms"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 543B190C987A4EA3B6F0FFC496673A59 Ref B: AMBEDGE0709 Ref C: 2022-02-11T07:01:45Z
date: Fri, 11 Feb 2022 07:01:45 GMT
GET

https://www.bing.com/rb/1a/cir2,ortl,cc,nc/UYUNDxqDYWOuXKtxln9Ggb_NBpQ.css?bu=CecEjQK1AqwFxAS4BKcDOzs&or=w

SearchApp.exe

Remote address:

204.79.197.200:443

Request

GET /rb/1a/cir2,ortl,cc,nc/UYUNDxqDYWOuXKtxln9Ggb_NBpQ.css?bu=CecEjQK1AqwFxAS4BKcDOzs&or=w HTTP/2.0
host: www.bing.com
accept: */*
referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
cookie: SRCHUID=V=2&GUID=3538640BC6DE4AE6BB56FF1309DEC2DB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20220113; SRCHHPGUSR=SRCHLANG=en&LUT=1643387473203&IPMH=08ec2de4&IPMID=1644562900625; CortanaAppUID=AC132211E844C53C821E601A23766E16; MUID=0429C08E356E4A2E88C7FB04727339BA; _SS=SID=00C6F3EAE862686C0BD2E2A2E9266913&CBV=26808833; SUID=M; _EDGE_S=SID=00C6F3EAE862686C0BD2E2A2E9266913; MUIDB=0429C08E356E4A2E88C7FB04727339BA

Response

HTTP/2.0 200

cache-control: public, max-age=432000
content-length: 4841
content-type: text/css; charset=utf-8
content-encoding: br
last-modified: Fri, 28 Jan 2022 19:31:29 GMT
vary: Accept-Encoding
x-cache: TCP_HIT
server: Kestrel
access-control-allow-headers: *
access-control-allow-origin: *
x-snr-routing: 1
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingrms"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 81B97C141B5140F980769F1AABAF1585 Ref B: AMBEDGE0709 Ref C: 2022-02-11T07:01:46Z
date: Fri, 11 Feb 2022 07:01:46 GMT
GET

https://www.bing.com/rb/47/ortl,cc,nc/8yOt-qMgl3wFFpnXBbdaeUrdWpM.css?bu=A4gCjAKPAg&or=w

SearchApp.exe

Remote address:

204.79.197.200:443

Request

GET /rb/47/ortl,cc,nc/8yOt-qMgl3wFFpnXBbdaeUrdWpM.css?bu=A4gCjAKPAg&or=w HTTP/2.0
host: www.bing.com
accept: */*
referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
if-modified-since: Wed, 26 Jan 2022 11:27:57 GMT
cookie: SRCHUID=V=2&GUID=3538640BC6DE4AE6BB56FF1309DEC2DB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20220113; SRCHHPGUSR=SRCHLANG=en&LUT=1643387473203&IPMH=08ec2de4&IPMID=1644562900625; CortanaAppUID=AC132211E844C53C821E601A23766E16; MUID=0429C08E356E4A2E88C7FB04727339BA; _SS=SID=00C6F3EAE862686C0BD2E2A2E9266913&CBV=26808833; SUID=M; _EDGE_S=SID=00C6F3EAE862686C0BD2E2A2E9266913; MUIDB=0429C08E356E4A2E88C7FB04727339BA

Response

HTTP/2.0 200

cache-control: public, max-age=432000
content-length: 3508
content-type: text/css; charset=utf-8
content-encoding: br
last-modified: Tue, 08 Feb 2022 04:58:12 GMT
vary: Accept-Encoding
x-cache: TCP_HIT
server: Kestrel
access-control-allow-headers: *
access-control-allow-origin: *
x-snr-routing: 1
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingrms"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 45A274EA5CBA4E049DCF8A35191F6815 Ref B: AMBEDGE0709 Ref C: 2022-02-11T07:01:46Z
date: Fri, 11 Feb 2022 07:01:46 GMT
GET

https://www.bing.com/rb/6J/cir2,ortl,cc,nc/omeF_v5UOBBBK5-ZNrZZSW0txeY.css?bu=FPgF9QWKBq8GgQb-Be8FqQaNBpAG7wWTBu8FmwakBp4G7wXvBe8F7wU&or=w

SearchApp.exe

Remote address:

204.79.197.200:443

Request

GET /rb/6J/cir2,ortl,cc,nc/omeF_v5UOBBBK5-ZNrZZSW0txeY.css?bu=FPgF9QWKBq8GgQb-Be8FqQaNBpAG7wWTBu8FmwakBp4G7wXvBe8F7wU&or=w HTTP/2.0
host: www.bing.com
accept: */*
referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
cookie: SRCHUID=V=2&GUID=3538640BC6DE4AE6BB56FF1309DEC2DB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20220113; SRCHHPGUSR=SRCHLANG=en&LUT=1643387473203&IPMH=08ec2de4&IPMID=1644562900625; CortanaAppUID=AC132211E844C53C821E601A23766E16; MUID=0429C08E356E4A2E88C7FB04727339BA; _SS=SID=00C6F3EAE862686C0BD2E2A2E9266913&CBV=26808833; SUID=M; _EDGE_S=SID=00C6F3EAE862686C0BD2E2A2E9266913; MUIDB=0429C08E356E4A2E88C7FB04727339BA

Response

HTTP/2.0 200

cache-control: public, max-age=432000
content-length: 37715
content-type: text/css; charset=utf-8
content-encoding: br
last-modified: Tue, 08 Feb 2022 12:41:00 GMT
vary: Accept-Encoding
x-cache: TCP_HIT
server: Kestrel
access-control-allow-headers: *
access-control-allow-origin: *
x-snr-routing: 1
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingrms"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D15A77CCECB54B768BE86FA7B982A99F Ref B: AMBEDGE0709 Ref C: 2022-02-11T07:01:46Z
date: Fri, 11 Feb 2022 07:01:46 GMT
GET

https://www.bing.com/rb/6J/ortl,cc,nc/QNBBNqWD9F_Blep-UqQSqnMp-FI.css?bu=Ae8F&or=w

SearchApp.exe

Remote address:

204.79.197.200:443

Request

GET /rb/6J/ortl,cc,nc/QNBBNqWD9F_Blep-UqQSqnMp-FI.css?bu=Ae8F&or=w HTTP/2.0
host: www.bing.com
accept: */*
referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
cookie: SRCHUID=V=2&GUID=3538640BC6DE4AE6BB56FF1309DEC2DB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20220113; SRCHHPGUSR=SRCHLANG=en&LUT=1643387473203&IPMH=08ec2de4&IPMID=1644562900625; CortanaAppUID=AC132211E844C53C821E601A23766E16; MUID=0429C08E356E4A2E88C7FB04727339BA; _SS=SID=00C6F3EAE862686C0BD2E2A2E9266913&CBV=26808833; SUID=M; _EDGE_S=SID=00C6F3EAE862686C0BD2E2A2E9266913; MUIDB=0429C08E356E4A2E88C7FB04727339BA

Response

HTTP/2.0 200

cache-control: public, max-age=432000
content-length: 10
content-type: text/css; charset=utf-8
content-encoding: br
last-modified: Tue, 08 Feb 2022 04:57:58 GMT
vary: Accept-Encoding
x-cache: TCP_HIT
server: Kestrel
access-control-allow-headers: *
access-control-allow-origin: *
x-snr-routing: 1
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingrms"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EC7413B4413A4E768D21F98D883FC2C1 Ref B: AMBEDGE0709 Ref C: 2022-02-11T07:01:46Z
date: Fri, 11 Feb 2022 07:01:46 GMT
GET

https://www.bing.com/rp/1UewCJeQh7H4TkEu4viPy9Nx7dE.br.js

SearchApp.exe

Remote address:

204.79.197.200:443

Request

GET /rp/1UewCJeQh7H4TkEu4viPy9Nx7dE.br.js HTTP/2.0
host: www.bing.com
accept: */*
referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
cookie: SRCHUID=V=2&GUID=3538640BC6DE4AE6BB56FF1309DEC2DB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20220113; SRCHHPGUSR=SRCHLANG=en&LUT=1643387473203&IPMH=08ec2de4&IPMID=1644562900625; CortanaAppUID=AC132211E844C53C821E601A23766E16; MUID=0429C08E356E4A2E88C7FB04727339BA; _SS=SID=00C6F3EAE862686C0BD2E2A2E9266913&CBV=26808833; SUID=M; _EDGE_S=SID=00C6F3EAE862686C0BD2E2A2E9266913; MUIDB=0429C08E356E4A2E88C7FB04727339BA

Response

HTTP/2.0 200

cache-control: public, max-age=432000
content-length: 25749
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: PSGGmbzVbC+D6UyP03wdcQ==
last-modified: Wed, 09 Feb 2022 03:14:52 GMT
etag: 0x8D9EB7A56FF7A3B
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-cache: TCP_HIT
x-ms-request-id: 1f3dda89-201e-004d-29a7-1db8d9000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 063D5334C9ED4D099E389E09D56C5022 Ref B: AMS04EDGE1320 Ref C: 2022-02-09T13:29:32Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: FE26182427324FC499337E3F4D9E6C4D Ref B: AMBEDGE0709 Ref C: 2022-02-11T07:01:47Z
date: Fri, 11 Feb 2022 07:01:47 GMT
GET

https://www.bing.com/rp/7Y7GIdHwvb_FHuCBnybcAmLO7GY.br.js

SearchApp.exe

Remote address:

204.79.197.200:443

Request

GET /rp/7Y7GIdHwvb_FHuCBnybcAmLO7GY.br.js HTTP/2.0
host: www.bing.com
accept: */*
referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
cookie: SRCHUID=V=2&GUID=3538640BC6DE4AE6BB56FF1309DEC2DB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20220113; SRCHHPGUSR=SRCHLANG=en&LUT=1643387473203&IPMH=08ec2de4&IPMID=1644562900625; CortanaAppUID=AC132211E844C53C821E601A23766E16; MUID=0429C08E356E4A2E88C7FB04727339BA; _SS=SID=00C6F3EAE862686C0BD2E2A2E9266913&CBV=26808833; SUID=M; _EDGE_S=SID=00C6F3EAE862686C0BD2E2A2E9266913; MUIDB=0429C08E356E4A2E88C7FB04727339BA

Response

HTTP/2.0 200

cache-control: public, max-age=432000
content-length: 12468
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: OAm2+Dfso4ykC5+AJWkkNA==
last-modified: Fri, 28 Jan 2022 10:42:03 GMT
etag: 0x8D9E24AD21CB179
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-cache: TCP_HIT
x-ms-request-id: d440b685-401e-0016-22f0-1c81e2000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 56EFB24B971F49C699080617D72DC1B8 Ref B: AMS04EDGE1208 Ref C: 2022-02-08T20:07:56Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: DBB118C7B31C45E6A57C325EC616C56C Ref B: AMBEDGE0709 Ref C: 2022-02-11T07:01:47Z
date: Fri, 11 Feb 2022 07:01:47 GMT
GET

https://www.bing.com/rp/98-tFzBbrLP3oaKdmZtyZ4BBBI4.br.js

SearchApp.exe

Remote address:

204.79.197.200:443

Request

GET /rp/98-tFzBbrLP3oaKdmZtyZ4BBBI4.br.js HTTP/2.0
host: www.bing.com
accept: */*
referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
if-modified-since: Thu, 28 Jan 2021 01:44:49 GMT
if-none-match: 0x8D8C32E4CDC654C
cookie: SRCHUID=V=2&GUID=3538640BC6DE4AE6BB56FF1309DEC2DB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20220113; SRCHHPGUSR=SRCHLANG=en&LUT=1643387473203&IPMH=08ec2de4&IPMID=1644562900625; CortanaAppUID=AC132211E844C53C821E601A23766E16; MUID=0429C08E356E4A2E88C7FB04727339BA; _SS=SID=00C6F3EAE862686C0BD2E2A2E9266913&CBV=26808833; SUID=M; _EDGE_S=SID=00C6F3EAE862686C0BD2E2A2E9266913; MUIDB=0429C08E356E4A2E88C7FB04727339BA

Response

HTTP/2.0 304

cache-control: public, max-age=432000
content-type: application/x-javascript; charset=utf-8
content-encoding: br
content-md5: xVtvk8m0iq8KaH8JY6bhxg==
last-modified: Thu, 28 Jan 2021 01:44:49 GMT
etag: 0x8D8C32E4CDC654C
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-cache: TCP_HIT
x-ms-request-id: 5d3b0d19-701e-001d-64ad-1b7a89000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 37E09AB10E2D4ED6AD92863B17DDE1D8 Ref B: AMS04EDGE1221 Ref C: 2022-02-08T20:07:55Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: F56C1CF965D240E0A1A44F95F22EBB18 Ref B: AMBEDGE0709 Ref C: 2022-02-11T07:01:47Z
date: Fri, 11 Feb 2022 07:01:47 GMT
GET

https://www.bing.com/rp/9F6Tm6dN0EAZXebCoQTyg-a_REo.br.js

SearchApp.exe

Remote address:

204.79.197.200:443

Request

GET /rp/9F6Tm6dN0EAZXebCoQTyg-a_REo.br.js HTTP/2.0
host: www.bing.com
accept: */*
referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
if-modified-since: Tue, 04 Jan 2022 21:09:23 GMT
if-none-match: 0x8D9CFC67BC39897
cookie: SRCHUID=V=2&GUID=3538640BC6DE4AE6BB56FF1309DEC2DB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20220113; SRCHHPGUSR=SRCHLANG=en&LUT=1643387473203&IPMH=08ec2de4&IPMID=1644562900625; CortanaAppUID=AC132211E844C53C821E601A23766E16; MUID=0429C08E356E4A2E88C7FB04727339BA; _SS=SID=00C6F3EAE862686C0BD2E2A2E9266913&CBV=26808833; SUID=M; _EDGE_S=SID=00C6F3EAE862686C0BD2E2A2E9266913; MUIDB=0429C08E356E4A2E88C7FB04727339BA

Response

HTTP/2.0 304

cache-control: public, max-age=432000
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: bC3aqbI+g1zI+kyoHYAiiQ==
last-modified: Tue, 04 Jan 2022 21:09:23 GMT
etag: 0x8D9CFC67BC39897
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-cache: TCP_HIT
x-ms-request-id: dd3794ee-501e-0057-0ac6-1dd906000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 8CCE4E4C038542EEBD0A94A26FB55987 Ref B: AMS04EDGE1115 Ref C: 2022-02-10T19:35:32Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: B20BAD05C3214E13B8C68077D645E45B Ref B: AMBEDGE0709 Ref C: 2022-02-11T07:01:47Z
date: Fri, 11 Feb 2022 07:01:47 GMT
GET

https://www.bing.com/rp/BQR--Mi6Hdug9aUgfjMzORag63E.br.js

SearchApp.exe

Remote address:

204.79.197.200:443

Request

GET /rp/BQR--Mi6Hdug9aUgfjMzORag63E.br.js HTTP/2.0
host: www.bing.com
accept: */*
referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
if-modified-since: Mon, 23 Nov 2020 21:26:10 GMT
if-none-match: 0x8D88FF665839903
cookie: SRCHUID=V=2&GUID=3538640BC6DE4AE6BB56FF1309DEC2DB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20220113; SRCHHPGUSR=SRCHLANG=en&LUT=1643387473203&IPMH=08ec2de4&IPMID=1644562900625; CortanaAppUID=AC132211E844C53C821E601A23766E16; MUID=0429C08E356E4A2E88C7FB04727339BA; _SS=SID=00C6F3EAE862686C0BD2E2A2E9266913&CBV=26808833; SUID=M; _EDGE_S=SID=00C6F3EAE862686C0BD2E2A2E9266913; MUIDB=0429C08E356E4A2E88C7FB04727339BA

Response

HTTP/2.0 304

cache-control: public, max-age=432000
content-type: application/x-javascript; charset=utf-8
content-encoding: br
content-md5: uh4a6uPJ/QiEZGs/QDfl5w==
last-modified: Mon, 23 Nov 2020 21:26:10 GMT
etag: 0x8D88FF665839903
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-cache: TCP_HIT
x-ms-request-id: 39667a62-701e-0040-4731-1c700d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 916C42B8A52A44A8B85AE5F08EBEBCFF Ref B: AMS04EDGE1114 Ref C: 2022-02-08T21:17:57Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: FA39B89745F44505BA9CAC9BD0C1C1C1 Ref B: AMBEDGE0709 Ref C: 2022-02-11T07:01:48Z
date: Fri, 11 Feb 2022 07:01:48 GMT
GET

https://www.bing.com/rp/Cj4mQnDN_eMyYEqsEbjRrJ2Ttec.br.js

SearchApp.exe

Remote address:

204.79.197.200:443

Request

GET /rp/Cj4mQnDN_eMyYEqsEbjRrJ2Ttec.br.js HTTP/2.0
host: www.bing.com
accept: */*
referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
if-modified-since: Wed, 24 Jun 2020 05:06:01 GMT
if-none-match: 0x8D817FC4A10933C
cookie: SRCHUID=V=2&GUID=3538640BC6DE4AE6BB56FF1309DEC2DB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20220113; SRCHHPGUSR=SRCHLANG=en&LUT=1643387473203&IPMH=08ec2de4&IPMID=1644562900625; CortanaAppUID=AC132211E844C53C821E601A23766E16; MUID=0429C08E356E4A2E88C7FB04727339BA; _SS=SID=00C6F3EAE862686C0BD2E2A2E9266913&CBV=26808833; SUID=M; _EDGE_S=SID=00C6F3EAE862686C0BD2E2A2E9266913; MUIDB=0429C08E356E4A2E88C7FB04727339BA

Response

HTTP/2.0 304

cache-control: public, max-age=432000
content-type: application/x-javascript; charset=utf-8
content-encoding: br
content-md5: 3WhJ+OYKE/V46pTyaMnODg==
last-modified: Wed, 24 Jun 2020 05:06:01 GMT
etag: 0x8D817FC4A10933C
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-cache: TCP_HIT
x-ms-request-id: d00d410a-001e-00ae-62ff-1bda24000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 18BE2144BC8C40C6BDD48BFD7BD3D027 Ref B: AMS04EDGE1309 Ref C: 2022-02-08T20:07:55Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 184168D179AE4E689CCD4E798FFB5528 Ref B: AMBEDGE0709 Ref C: 2022-02-11T07:01:48Z
date: Fri, 11 Feb 2022 07:01:48 GMT
GET

https://www.bing.com/rp/EFZQVfd-aT3vKh3O-kC_qyc_0q8.br.js

SearchApp.exe

Remote address:

204.79.197.200:443

Request

GET /rp/EFZQVfd-aT3vKh3O-kC_qyc_0q8.br.js HTTP/2.0
host: www.bing.com
accept: */*
referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
cookie: SRCHUID=V=2&GUID=3538640BC6DE4AE6BB56FF1309DEC2DB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20220113; SRCHHPGUSR=SRCHLANG=en&LUT=1643387473203&IPMH=08ec2de4&IPMID=1644562900625; CortanaAppUID=AC132211E844C53C821E601A23766E16; MUID=0429C08E356E4A2E88C7FB04727339BA; _SS=SID=00C6F3EAE862686C0BD2E2A2E9266913&CBV=26808833; SUID=M; _EDGE_S=SID=00C6F3EAE862686C0BD2E2A2E9266913; MUIDB=0429C08E356E4A2E88C7FB04727339BA

Response

HTTP/2.0 200

cache-control: public, max-age=432000
content-length: 18419
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: henilD4oH4y2jEHuxkSWmg==
last-modified: Wed, 09 Feb 2022 03:14:54 GMT
etag: 0x8D9EB7A57ED3BCB
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-cache: TCP_HIT
x-ms-request-id: b45a06b2-501e-009c-6ea7-1dda53000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 9A2F39E77ED046AFB58B921E5F98F69B Ref B: AMS04EDGE1509 Ref C: 2022-02-09T13:29:33Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 4ECF0F8B04AD4F8DB928BD1AAF9C5B33 Ref B: AMBEDGE0709 Ref C: 2022-02-11T07:01:48Z
date: Fri, 11 Feb 2022 07:01:48 GMT
GET

https://www.bing.com/rp/HXQOmZnHKkJYgneadHww_IjOlxQ.br.js

SearchApp.exe

Remote address:

204.79.197.200:443

Request

GET /rp/HXQOmZnHKkJYgneadHww_IjOlxQ.br.js HTTP/2.0
host: www.bing.com
accept: */*
referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
if-modified-since: Thu, 24 Jun 2021 18:40:09 GMT
if-none-match: 0x8D9373F7E832F32
cookie: SRCHUID=V=2&GUID=3538640BC6DE4AE6BB56FF1309DEC2DB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20220113; SRCHHPGUSR=SRCHLANG=en&LUT=1643387473203&IPMH=08ec2de4&IPMID=1644562900625; CortanaAppUID=AC132211E844C53C821E601A23766E16; MUID=0429C08E356E4A2E88C7FB04727339BA; _SS=SID=00C6F3EAE862686C0BD2E2A2E9266913&CBV=26808833; SUID=M; _EDGE_S=SID=00C6F3EAE862686C0BD2E2A2E9266913; MUIDB=0429C08E356E4A2E88C7FB04727339BA

Response

HTTP/2.0 304

cache-control: public, max-age=432000
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: 0sPKi9j4grNI6xJF5svNbg==
last-modified: Thu, 24 Jun 2021 18:40:09 GMT
etag: 0x8D9373F7E832F32
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-cache: TCP_HIT
x-ms-request-id: 4778eddd-801e-007b-4df3-1c35a9000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: AE310A482FA945C7957BE82DB544B746 Ref B: AMS04EDGE1212 Ref C: 2022-02-10T19:35:31Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 00487233A255472A82BD866E2349F04F Ref B: AMBEDGE0709 Ref C: 2022-02-11T07:01:49Z
date: Fri, 11 Feb 2022 07:01:49 GMT
GET

https://www.bing.com/rp/ISqjehphJRJanLfetqLqda1tayw.br.js

SearchApp.exe

Remote address:

204.79.197.200:443

Request

GET /rp/ISqjehphJRJanLfetqLqda1tayw.br.js HTTP/2.0
host: www.bing.com
accept: */*
referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
cookie: SRCHUID=V=2&GUID=3538640BC6DE4AE6BB56FF1309DEC2DB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20220113; SRCHHPGUSR=SRCHLANG=en&LUT=1643387473203&IPMH=08ec2de4&IPMID=1644562900625; CortanaAppUID=AC132211E844C53C821E601A23766E16; MUID=0429C08E356E4A2E88C7FB04727339BA; _SS=SID=00C6F3EAE862686C0BD2E2A2E9266913&CBV=26808833; SUID=M; _EDGE_S=SID=00C6F3EAE862686C0BD2E2A2E9266913; MUIDB=0429C08E356E4A2E88C7FB04727339BA

Response

HTTP/2.0 200

cache-control: public, max-age=432000
content-length: 407631
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: UHCsPJhQyeecO2zfUHSXsg==
last-modified: Wed, 09 Feb 2022 01:20:12 GMT
etag: 0x8D9EB6A5206CCC1
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-cache: TCP_HIT
x-ms-request-id: 905aebbe-e01e-0030-62a7-1dc9fa000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 2A416261A5B5492DB9079FA5B316FF80 Ref B: AMS04EDGE1419 Ref C: 2022-02-09T13:29:33Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 8896D1973B4C4BA29F850BD84A6AFDAC Ref B: AMBEDGE0709 Ref C: 2022-02-11T07:01:49Z
date: Fri, 11 Feb 2022 07:01:49 GMT
GET

https://www.bing.com/rp/MAi8ZrMgFhG81tZ07Arc2JEjTY8.br.js

SearchApp.exe

Remote address:

204.79.197.200:443

Request

GET /rp/MAi8ZrMgFhG81tZ07Arc2JEjTY8.br.js HTTP/2.0
host: www.bing.com
accept: */*
referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
if-modified-since: Wed, 24 Jun 2020 05:07:14 GMT
if-none-match: 0x8D817FC756864AE
cookie: SRCHUID=V=2&GUID=3538640BC6DE4AE6BB56FF1309DEC2DB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20220113; SRCHHPGUSR=SRCHLANG=en&LUT=1643387473203&IPMH=08ec2de4&IPMID=1644562900625; CortanaAppUID=AC132211E844C53C821E601A23766E16; MUID=0429C08E356E4A2E88C7FB04727339BA; _SS=SID=00C6F3EAE862686C0BD2E2A2E9266913&CBV=26808833; SUID=M; _EDGE_S=SID=00C6F3EAE862686C0BD2E2A2E9266913; MUIDB=0429C08E356E4A2E88C7FB04727339BA

Response

HTTP/2.0 304

cache-control: public, max-age=432000
content-type: application/x-javascript; charset=utf-8
content-encoding: br
content-md5: 4csgy3MnorVZ2sztEWGSow==
last-modified: Wed, 24 Jun 2020 05:07:14 GMT
etag: 0x8D817FC756864AE
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-cache: TCP_HIT
x-ms-request-id: 1ef42496-201e-004d-6146-1cb8d9000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 58FA779E07D64A89A6798DB1E61DBDFE Ref B: AMS04EDGE1113 Ref C: 2022-02-09T00:17:39Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: F8F802D685EC4AA6AA5D6B4DD13E61DD Ref B: AMBEDGE0709 Ref C: 2022-02-11T07:01:49Z
date: Fri, 11 Feb 2022 07:01:49 GMT
GET

https://www.bing.com/rp/MDqPc1m5c6NCOcjcf9QO_UfJAUI.br.js

SearchApp.exe

Remote address:

204.79.197.200:443

Request

GET /rp/MDqPc1m5c6NCOcjcf9QO_UfJAUI.br.js HTTP/2.0
host: www.bing.com
accept: */*
referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
if-modified-since: Fri, 08 Jan 2021 17:46:27 GMT
if-none-match: 0x8D8B3FD5319B034
cookie: SRCHUID=V=2&GUID=3538640BC6DE4AE6BB56FF1309DEC2DB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20220113; SRCHHPGUSR=SRCHLANG=en&LUT=1643387473203&IPMH=08ec2de4&IPMID=1644562900625; CortanaAppUID=AC132211E844C53C821E601A23766E16; MUID=0429C08E356E4A2E88C7FB04727339BA; _SS=SID=00C6F3EAE862686C0BD2E2A2E9266913&CBV=26808833; SUID=M; _EDGE_S=SID=00C6F3EAE862686C0BD2E2A2E9266913; MUIDB=0429C08E356E4A2E88C7FB04727339BA

Response

HTTP/2.0 304

cache-control: public, max-age=432000
content-type: application/x-javascript; charset=utf-8
content-encoding: br
content-md5: 6fDsIZ2RXTHLpooNNws/Zw==
last-modified: Fri, 08 Jan 2021 17:46:27 GMT
etag: 0x8D8B3FD5319B034
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-cache: TCP_HIT
x-ms-request-id: 396ca296-801e-0054-7f33-1c3862000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: 61477C0106244A8BA2806D87F0482188 Ref B: AMS04EDGE1410 Ref C: 2022-02-08T22:30:32Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 3D0D7B1DCD62490198449DB5C7F17BA8 Ref B: AMBEDGE0709 Ref C: 2022-02-11T07:01:49Z
date: Fri, 11 Feb 2022 07:01:49 GMT
GET

https://www.bing.com/rp/MOF_GzvGOii0VGtOHdGSeaiR5wU.br.js

SearchApp.exe

Remote address:

204.79.197.200:443

Request

GET /rp/MOF_GzvGOii0VGtOHdGSeaiR5wU.br.js HTTP/2.0
host: www.bing.com
accept: */*
referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
cookie: SRCHUID=V=2&GUID=3538640BC6DE4AE6BB56FF1309DEC2DB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20220113; SRCHHPGUSR=SRCHLANG=en&LUT=1643387473203&IPMH=08ec2de4&IPMID=1644562900625; CortanaAppUID=AC132211E844C53C821E601A23766E16; MUID=0429C08E356E4A2E88C7FB04727339BA; _SS=SID=00C6F3EAE862686C0BD2E2A2E9266913&CBV=26808833; SUID=M; _EDGE_S=SID=00C6F3EAE862686C0BD2E2A2E9266913; MUIDB=0429C08E356E4A2E88C7FB04727339BA

Response

HTTP/2.0 200

cache-control: public, max-age=432000
content-length: 7621
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: IwbE1vxan0croaOvYCoc1w==
last-modified: Mon, 07 Feb 2022 22:20:11 GMT
etag: 0x8D9EA880178DB0D
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-cache: TCP_HIT
x-ms-request-id: 5f2a1200-201e-00b9-3ada-1c732f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: A4AB9093D76F477C9A328E8D0468C0A6 Ref B: AMS04EDGE1112 Ref C: 2022-02-08T20:42:15Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: 0A0FAB6957AF45ECBBDDDB1D181CA8A2 Ref B: AMBEDGE0709 Ref C: 2022-02-11T07:01:49Z
date: Fri, 11 Feb 2022 07:01:49 GMT

88.221.144.170:80

322 B
7
88.221.144.170:80

322 B
7
67.27.153.126:80

46 B
40 B
1
1
67.27.153.126:80

46 B
40 B
1
1
67.27.153.126:80

46 B
40 B
1
1
67.27.153.126:80

46 B
40 B
1
1
204.79.197.200:443

www.bing.com

tls

919 B
7.4kB
9
8
204.79.197.200:443

www.bing.com

tls, https

2.8kB
8.4kB
19
17
204.79.197.200:443

www.bing.com

tls, http2

SearchApp.exe

1.5kB
8.1kB
16
14
204.79.197.200:443

https://www.bing.com/rp/MOF_GzvGOii0VGtOHdGSeaiR5wU.br.js

tls, http2

SearchApp.exe

27.7kB
631.3kB
483
482

HTTP Request

GET https://www.bing.com/rb/5q/cj,nj/fFSXkj1t_zfXRNULqSUNux82Lcw.js?bu=FMIkzCPzBdsj3SPfI-Ej7SPIJJckmQ2tJLMkzCTzBfMF5iCOJJUNjA0&or=w

HTTP Response

304

HTTP Request

GET https://www.bing.com/manifest/threshold.appcache

HTTP Request

GET https://www.bing.com/rb/17/cj,nj/X6j0qPgNij1n_IogMJrgYaT9Kp8.js?bu=Dh8oW2dqbWReYZwBnwEokQEo&or=w

HTTP Response

200

HTTP Request

POST https://www.bing.com/threshold/xls.aspx

HTTP Response

200

HTTP Response

204

HTTP Request

GET https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init

HTTP Response

200

HTTP Request

GET https://www.bing.com/rb/1a/cir2,ortl,cc,nc/U006EeMfq1iK7IAAM8DJcfY519o.css?bu=B8EBPLgBaDs7xQE&or=w

HTTP Response

200

HTTP Request

GET https://www.bing.com/rb/1a/cir2,ortl,cc,nc/UYUNDxqDYWOuXKtxln9Ggb_NBpQ.css?bu=CecEjQK1AqwFxAS4BKcDOzs&or=w

HTTP Response

200

HTTP Request

GET https://www.bing.com/rb/47/ortl,cc,nc/8yOt-qMgl3wFFpnXBbdaeUrdWpM.css?bu=A4gCjAKPAg&or=w

HTTP Response

200

HTTP Request

GET https://www.bing.com/rb/6J/cir2,ortl,cc,nc/omeF_v5UOBBBK5-ZNrZZSW0txeY.css?bu=FPgF9QWKBq8GgQb-Be8FqQaNBpAG7wWTBu8FmwakBp4G7wXvBe8F7wU&or=w

HTTP Response

200

HTTP Request

GET https://www.bing.com/rb/6J/ortl,cc,nc/QNBBNqWD9F_Blep-UqQSqnMp-FI.css?bu=Ae8F&or=w

HTTP Response

200

HTTP Request

GET https://www.bing.com/rp/1UewCJeQh7H4TkEu4viPy9Nx7dE.br.js

HTTP Response

200

HTTP Request

GET https://www.bing.com/rp/7Y7GIdHwvb_FHuCBnybcAmLO7GY.br.js

HTTP Response

200

HTTP Request

GET https://www.bing.com/rp/98-tFzBbrLP3oaKdmZtyZ4BBBI4.br.js

HTTP Response

304

HTTP Request

GET https://www.bing.com/rp/9F6Tm6dN0EAZXebCoQTyg-a_REo.br.js

HTTP Response

304

HTTP Request

GET https://www.bing.com/rp/BQR--Mi6Hdug9aUgfjMzORag63E.br.js

HTTP Response

304

HTTP Request

GET https://www.bing.com/rp/Cj4mQnDN_eMyYEqsEbjRrJ2Ttec.br.js

HTTP Response

304

HTTP Request

GET https://www.bing.com/rp/EFZQVfd-aT3vKh3O-kC_qyc_0q8.br.js

HTTP Response

200

HTTP Request

GET https://www.bing.com/rp/HXQOmZnHKkJYgneadHww_IjOlxQ.br.js

HTTP Response

304

HTTP Request

GET https://www.bing.com/rp/ISqjehphJRJanLfetqLqda1tayw.br.js

HTTP Response

200

HTTP Request

GET https://www.bing.com/rp/MAi8ZrMgFhG81tZ07Arc2JEjTY8.br.js

HTTP Response

304

HTTP Request

GET https://www.bing.com/rp/MDqPc1m5c6NCOcjcf9QO_UfJAUI.br.js

HTTP Response

304

HTTP Request

GET https://www.bing.com/rp/MOF_GzvGOii0VGtOHdGSeaiR5wU.br.js

HTTP Response

200

8.8.8.8:53

www.bing.com

dns

SearchApp.exe

58 B
206 B
1
1

DNS Request

www.bing.com

DNS Response

204.79.197.200

13.107.21.200

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2972-135-0x000001EF30EC0000-0x000001EF30EC4000-memory.dmp

Filesize
16KB

Download
memory/3348-130-0x000001AB0E220000-0x000001AB0E230000-memory.dmp

Filesize
64KB

Download
memory/3348-131-0x000001AB0E280000-0x000001AB0E290000-memory.dmp

Filesize
64KB

Download
memory/3348-132-0x000001AB10940000-0x000001AB10944000-memory.dmp

Filesize
16KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.