njrat | 8f5af7de9311f740012603025b2065573ad23816ce5e728465a0d0f9553c4839

Analysis

max time kernel
117s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20250207-en
resource tags

arch:x64arch:x86image:win10v2004-20250207-enlocale:en-usos:windows10-2004-x64system
submitted
08/02/2025, 01:14 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8f5af7de9311f740012603025b2065573ad23816ce5e728465a0d0f9553c4839.exe
Size

121KB
MD5

48437ce3c8bab1b00a75bc774e6ca405
SHA1

e774b8a1fe4be437d43ef7739030172e09ff3aef
SHA256

8f5af7de9311f740012603025b2065573ad23816ce5e728465a0d0f9553c4839
SHA512

457be992cce0674710d38b4e3103057e88988cfaed90d5e36d82ac42a03258cc618048545f6fe96bd8e594766485138c7d04220c32b7375e48ae86cf85ea35fd
SSDEEP

1536:WWp5eznKUlIOp3YjVCguHEvQEbFqVC3woFRKpT4XEQhuxzuMDLVg8:P5eznsjsguGDFqGZ2rDL/

Score

10^/10

njrat neuf defense_evasion discovery persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

neuf

doddyfire.linkpc.net:10000

Mutex

e1a87040f2026369a233f9ae76301b7b

Attributes

reg_key
e1a87040f2026369a233f9ae76301b7b
splitter
|'|'|

Signatures

Njrat family
njrat
njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Downloads MZ/PE file 1 IoCs

flow	pid	Process
40	2760	Process not Found

Modifies Windows Firewall 2 TTPs 1 IoCs

defense_evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
764	netsh.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1290774215-692483676-1419523182-1000\Control Panel\International\Geo\Nation	8f5af7de9311f740012603025b2065573ad23816ce5e728465a0d0f9553c4839.exe

Executes dropped EXE 2 IoCs

pid	Process
620	chargeable.exe
4676	chargeable.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1290774215-692483676-1419523182-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\confuse = "C:\\Users\\Admin\\AppData\\Roaming\\confuse\\chargeable.exe"	8f5af7de9311f740012603025b2065573ad23816ce5e728465a0d0f9553c4839.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1290774215-692483676-1419523182-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SysMain = "C:\\Users\\Admin\\AppData\\Local\\Temp\\8f5af7de9311f740012603025b2065573ad23816ce5e728465a0d0f9553c4839.exe"	8f5af7de9311f740012603025b2065573ad23816ce5e728465a0d0f9553c4839.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 620 set thread context of 4676	620	chargeable.exe	94

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chargeable.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chargeable.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8f5af7de9311f740012603025b2065573ad23816ce5e728465a0d0f9553c4839.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3964	MicrosoftEdgeUpdate.exe

Suspicious use of AdjustPrivilegeToken 25 IoCs

description	pid	Process
Token: SeDebugPrivilege	4676	chargeable.exe
Token: 33	4676	chargeable.exe
Token: SeIncBasePriorityPrivilege	4676	chargeable.exe
Token: 33	4676	chargeable.exe
Token: SeIncBasePriorityPrivilege	4676	chargeable.exe
Token: 33	4676	chargeable.exe
Token: SeIncBasePriorityPrivilege	4676	chargeable.exe
Token: 33	4676	chargeable.exe
Token: SeIncBasePriorityPrivilege	4676	chargeable.exe
Token: 33	4676	chargeable.exe
Token: SeIncBasePriorityPrivilege	4676	chargeable.exe
Token: 33	4676	chargeable.exe
Token: SeIncBasePriorityPrivilege	4676	chargeable.exe
Token: 33	4676	chargeable.exe
Token: SeIncBasePriorityPrivilege	4676	chargeable.exe
Token: 33	4676	chargeable.exe
Token: SeIncBasePriorityPrivilege	4676	chargeable.exe
Token: 33	4676	chargeable.exe
Token: SeIncBasePriorityPrivilege	4676	chargeable.exe
Token: 33	4676	chargeable.exe
Token: SeIncBasePriorityPrivilege	4676	chargeable.exe
Token: 33	4676	chargeable.exe
Token: SeIncBasePriorityPrivilege	4676	chargeable.exe
Token: 33	4676	chargeable.exe
Token: SeIncBasePriorityPrivilege	4676	chargeable.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1892 wrote to memory of 620	1892	8f5af7de9311f740012603025b2065573ad23816ce5e728465a0d0f9553c4839.exe	92
PID 1892 wrote to memory of 620	1892	8f5af7de9311f740012603025b2065573ad23816ce5e728465a0d0f9553c4839.exe	92
PID 1892 wrote to memory of 620	1892	8f5af7de9311f740012603025b2065573ad23816ce5e728465a0d0f9553c4839.exe	92
PID 620 wrote to memory of 4676	620	chargeable.exe	94
PID 620 wrote to memory of 4676	620	chargeable.exe	94
PID 620 wrote to memory of 4676	620	chargeable.exe	94
PID 620 wrote to memory of 4676	620	chargeable.exe	94
PID 620 wrote to memory of 4676	620	chargeable.exe	94
PID 620 wrote to memory of 4676	620	chargeable.exe	94
PID 620 wrote to memory of 4676	620	chargeable.exe	94
PID 620 wrote to memory of 4676	620	chargeable.exe	94
PID 4676 wrote to memory of 764	4676	chargeable.exe	95
PID 4676 wrote to memory of 764	4676	chargeable.exe	95
PID 4676 wrote to memory of 764	4676	chargeable.exe	95

C:\Users\Admin\AppData\Local\Temp\8f5af7de9311f740012603025b2065573ad23816ce5e728465a0d0f9553c4839.exe
"C:\Users\Admin\AppData\Local\Temp\8f5af7de9311f740012603025b2065573ad23816ce5e728465a0d0f9553c4839.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1892
- C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe
  "C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:620
- - C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe
    C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4676
  - - C:\Windows\SysWOW64\netsh.exe
      netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe" "chargeable.exe" ENABLE
      4⤵
      Modifies Windows Firewall
      Event Triggered Execution: Netsh Helper DLL
      System Location Discovery: System Language Discovery
      PID:764

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RTdGN0EwRDMtM0I3Qy00NDI1LTlGRUItQjIyREFBM0Y1RDY3fSIgdXNlcmlkPSJ7NTY2NEYxQzgtRkJCRC00QkMxLUE1MzItMkE5NTM3QTk2N0JBfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7RDhEQ0VBMzQtMUZCOC00NkY5LUIwREUtODJEQkJGMEY0OEJEfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIxIiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDQ5MjgiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxNzQzMjM4OTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0OTI2NDYwOTAyIi8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:3964

Network

DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.ax-0001.ax-msedge.net

g-bing-com.ax-0001.ax-msedge.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.27.10

ax-0001.ax-msedge.net

IN A

150.171.28.10
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=16f63c840fd045578ec46edb3fa0bc6d&localId=w:BDBD1D39-EB17-EEE6-333E-10C0518E7AF4&deviceId=6896210752764985&anid=

Remote address:

150.171.27.10:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=16f63c840fd045578ec46edb3fa0bc6d&localId=w:BDBD1D39-EB17-EEE6-333E-10C0518E7AF4&deviceId=6896210752764985&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=1A398380CE94629E34BB960ECF386327; domain=.bing.com; expires=Fri, 06-Mar-2026 13:23:47 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D4E8796DE16940B4923BB14DEF302E81 Ref B: FRA31EDGE0711 Ref C: 2025-02-09T13:23:47Z
date: Sun, 09 Feb 2025 13:23:46 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=16f63c840fd045578ec46edb3fa0bc6d&localId=w:BDBD1D39-EB17-EEE6-333E-10C0518E7AF4&deviceId=6896210752764985&anid=

Remote address:

150.171.27.10:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=16f63c840fd045578ec46edb3fa0bc6d&localId=w:BDBD1D39-EB17-EEE6-333E-10C0518E7AF4&deviceId=6896210752764985&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1A398380CE94629E34BB960ECF386327

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=aN6GH15wZmklgSgD5BygMbJUSoR2EhxyMFC7ChUJcJk; domain=.bing.com; expires=Fri, 06-Mar-2026 13:23:47 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D54039C5F17743CDAC7DF141D52AED8E Ref B: FRA31EDGE0711 Ref C: 2025-02-09T13:23:47Z
date: Sun, 09 Feb 2025 13:23:47 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=16f63c840fd045578ec46edb3fa0bc6d&localId=w:BDBD1D39-EB17-EEE6-333E-10C0518E7AF4&deviceId=6896210752764985&anid=

Remote address:

150.171.27.10:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=16f63c840fd045578ec46edb3fa0bc6d&localId=w:BDBD1D39-EB17-EEE6-333E-10C0518E7AF4&deviceId=6896210752764985&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1A398380CE94629E34BB960ECF386327; MSPTC=aN6GH15wZmklgSgD5BygMbJUSoR2EhxyMFC7ChUJcJk

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 029D21CB4FA84ECC9DB8548C2C423172 Ref B: FRA31EDGE0711 Ref C: 2025-02-09T13:23:48Z
date: Sun, 09 Feb 2025 13:23:47 GMT
DNS

msedge.api.cdp.microsoft.com

Remote address:

8.8.8.8:53

Request

msedge.api.cdp.microsoft.com

IN A

Response

msedge.api.cdp.microsoft.com

IN CNAME

api.cdp.microsoft.com

api.cdp.microsoft.com

IN CNAME

glb.api.prod.dcat.dsp.trafficmanager.net

glb.api.prod.dcat.dsp.trafficmanager.net

IN A

4.175.87.113
GET

https://www.bing.com/th?id=OADD2.10239414284817_1UVYYSBXC4CID8KBL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90

Remote address:

95.100.153.187:443

Request

GET /th?id=OADD2.10239414284817_1UVYYSBXC4CID8KBL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90 HTTP/2.0
host: www.bing.com
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 1981
date: Sun, 09 Feb 2025 13:23:51 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.9d98645f.1739107431.110ff935
DNS

doddyfire.linkpc.net

chargeable.exe

Remote address:

8.8.8.8:53

Request

doddyfire.linkpc.net

IN A

Response

doddyfire.linkpc.net

IN A

196.119.16.59
DNS

doddyfire.linkpc.net

chargeable.exe

Remote address:

8.8.8.8:53

Request

doddyfire.linkpc.net

IN A
DNS

doddyfire.linkpc.net

chargeable.exe

Remote address:

8.8.8.8:53

Request

doddyfire.linkpc.net

IN A
POST

https://msedge.api.cdp.microsoft.com/api/v2/contents/Browser/namespaces/Default/names?action=batchupdates

Remote address:

4.175.87.113:443

Request

POST /api/v2/contents/Browser/namespaces/Default/names?action=batchupdates HTTP/2.0
host: msedge.api.cdp.microsoft.com
cache-control: no-cache
pragma: no-cache
content-type: application/json
user-agent: Microsoft Edge Update/1.3.195.43;winhttp
x-old-uid: {E9950DC1-872A-4F74-97D7-F9AF6DF5E64D}; age=-1; cnt=2
ms-correlationid: {E7F7A0D3-3B7C-4425-9FEB-B22DAA3F5D67}
ms-requestid: {7D5659B1-6EE2-42DF-8A2E-A761C8F8CF91}
ms-cv: 06D353w7JUSf67Itqj9dZw.0
x-last-hr: 0x80072ee2
x-last-http-status-code: 0
x-retry-count: 0
x-http-attempts: 2
content-length: 2539

Response

HTTP/2.0 200

content-type: text/plain; charset=utf-8
content-type: application/json; charset=utf-8
date: Sun, 09 Feb 2025 13:24:07 GMT
content-length: 298
ms-correlationid: e7f7a0d3-3b7c-4425-9feb-b22daa3f5d67
ms-requestid: 7d5659b1-6ee2-42df-8a2e-a761c8f8cf91
ms-cv: {E7F7A0D3-3B7C-4425-9FEB-B22DAA3F5D67}.0
POST

https://msedge.api.cdp.microsoft.com/api/v1.1/internal/contents/Browser/namespaces/Default/names/msedge-stable-win-x64/versions/132.0.2957.140/files?action=GenerateDownloadInfo&foregroundPriority=false

Remote address:

4.175.87.113:443

Request

POST /api/v1.1/internal/contents/Browser/namespaces/Default/names/msedge-stable-win-x64/versions/132.0.2957.140/files?action=GenerateDownloadInfo&foregroundPriority=false HTTP/2.0
host: msedge.api.cdp.microsoft.com
cache-control: no-cache
pragma: no-cache
content-type: application/json
user-agent: Microsoft Edge Update/1.3.195.43;winhttp
x-old-uid: {E9950DC1-872A-4F74-97D7-F9AF6DF5E64D}; age=-1; cnt=2
ms-correlationid: {E7F7A0D3-3B7C-4425-9FEB-B22DAA3F5D67}
ms-requestid: {4ADCC2E2-CCE3-4105-9A82-47D0A3905AE6}
ms-cv: 06D353w7JUSf67Itqj9dZw.1
x-last-hr: 0x0
x-last-http-status-code: 0
x-retry-count: 0
x-http-attempts: 1
content-length: 2

Response

HTTP/2.0 200

content-type: text/plain; charset=utf-8
content-type: application/json; charset=utf-8
date: Sun, 09 Feb 2025 13:24:08 GMT
content-length: 5361
ms-correlationid: e7f7a0d3-3b7c-4425-9feb-b22daa3f5d67
ms-requestid: 4adcc2e2-cce3-4105-9a82-47d0a3905ae6
ms-cv: {E7F7A0D3-3B7C-4425-9FEB-B22DAA3F5D67}.0
DNS

msedge.b.tlu.dl.delivery.mp.microsoft.com

Remote address:

8.8.8.8:53

Request

msedge.b.tlu.dl.delivery.mp.microsoft.com

IN A

Response

msedge.b.tlu.dl.delivery.mp.microsoft.com

IN CNAME

star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

IN CNAME

cdp-f-tlu-net.trafficmanager.net

cdp-f-tlu-net.trafficmanager.net

IN CNAME

fg.microsoft.map.fastly.net

fg.microsoft.map.fastly.net

IN A

199.232.210.172

fg.microsoft.map.fastly.net

IN A

199.232.214.172
HEAD

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

Remote address:

199.232.210.172:80

Request

HEAD /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
X-Old-UID: {E9950DC1-872A-4F74-97D7-F9AF6DF5E64D}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 177180216
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
Accept-Ranges: bytes
Date: Sun, 09 Feb 2025 13:24:13 GMT
Via: 1.1 varnish
Age: 363053
X-Served-By: cache-lcy-eglc8600079-LCY
X-Cache: HIT
X-Cache-Hits: 66031
X-Timer: S1739107454.705882,VS0,VE0
X-CID: 3
X-CCC: GB
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

Remote address:

199.232.210.172:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=0-1119
User-Agent: Microsoft BITS/7.8
X-Old-UID: {E9950DC1-872A-4F74-97D7-F9AF6DF5E64D}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 1120
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
Accept-Ranges: bytes
Date: Sun, 09 Feb 2025 13:24:13 GMT
Via: 1.1 varnish
Age: 363053
X-Served-By: cache-lcy-eglc8600079-LCY
X-Cache: HIT
X-Cache-Hits: 66032
X-Timer: S1739107454.777309,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 0-1119/177180216
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

Remote address:

199.232.210.172:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=1120-3254
User-Agent: Microsoft BITS/7.8
X-Old-UID: {E9950DC1-872A-4F74-97D7-F9AF6DF5E64D}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 2135
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
Accept-Ranges: bytes
Date: Sun, 09 Feb 2025 13:24:18 GMT
Via: 1.1 varnish
Age: 363058
X-Served-By: cache-lcy-eglc8600079-LCY
X-Cache: HIT
X-Cache-Hits: 66034
X-Timer: S1739107458.075277,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 1120-3254/177180216
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

Remote address:

199.232.210.172:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=3255-5366
User-Agent: Microsoft BITS/7.8
X-Old-UID: {E9950DC1-872A-4F74-97D7-F9AF6DF5E64D}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 2112
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
Accept-Ranges: bytes
Date: Sun, 09 Feb 2025 13:24:19 GMT
Via: 1.1 varnish
Age: 363059
X-Served-By: cache-lcy-eglc8600079-LCY
X-Cache: HIT
X-Cache-Hits: 66035
X-Timer: S1739107459.183758,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 3255-5366/177180216
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

Remote address:

199.232.210.172:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=5367-15222
User-Agent: Microsoft BITS/7.8
X-Old-UID: {E9950DC1-872A-4F74-97D7-F9AF6DF5E64D}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 9856
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
Accept-Ranges: bytes
Date: Sun, 09 Feb 2025 13:24:20 GMT
Via: 1.1 varnish
Age: 363060
X-Served-By: cache-lcy-eglc8600079-LCY
X-Cache: HIT
X-Cache-Hits: 66037
X-Timer: S1739107460.198913,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 5367-15222/177180216
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

Remote address:

199.232.210.172:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=15223-33384
User-Agent: Microsoft BITS/7.8
X-Old-UID: {E9950DC1-872A-4F74-97D7-F9AF6DF5E64D}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 18162
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
Accept-Ranges: bytes
Date: Sun, 09 Feb 2025 13:24:21 GMT
Via: 1.1 varnish
Age: 363061
X-Served-By: cache-lcy-eglc8600079-LCY
X-Cache: HIT
X-Cache-Hits: 66038
X-Timer: S1739107462.564912,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 15223-33384/177180216
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

Remote address:

199.232.210.172:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=33385-41370
User-Agent: Microsoft BITS/7.8
X-Old-UID: {E9950DC1-872A-4F74-97D7-F9AF6DF5E64D}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 7986
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
Accept-Ranges: bytes
Date: Sun, 09 Feb 2025 13:24:26 GMT
Via: 1.1 varnish
Age: 363066
X-Served-By: cache-lcy-eglc8600079-LCY
X-Cache: HIT
X-Cache-Hits: 66040
X-Timer: S1739107466.046007,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 33385-41370/177180216
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

Remote address:

199.232.210.172:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=41371-72641
User-Agent: Microsoft BITS/7.8
X-Old-UID: {E9950DC1-872A-4F74-97D7-F9AF6DF5E64D}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 31271
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
Accept-Ranges: bytes
Date: Sun, 09 Feb 2025 13:24:40 GMT
Via: 1.1 varnish
Age: 363080
X-Served-By: cache-lcy-eglc8600079-LCY
X-Cache: HIT
X-Cache-Hits: 66050
X-Timer: S1739107481.574093,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 41371-72641/177180216
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

Remote address:

199.232.210.172:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=72642-86345
User-Agent: Microsoft BITS/7.8
X-Old-UID: {E9950DC1-872A-4F74-97D7-F9AF6DF5E64D}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 13704
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
Accept-Ranges: bytes
Date: Sun, 09 Feb 2025 13:24:45 GMT
Via: 1.1 varnish
Age: 363085
X-Served-By: cache-lcy-eglc8600079-LCY
X-Cache: HIT
X-Cache-Hits: 66051
X-Timer: S1739107485.087339,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 72642-86345/177180216
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

Remote address:

199.232.210.172:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=86346-211274
User-Agent: Microsoft BITS/7.8
X-Old-UID: {E9950DC1-872A-4F74-97D7-F9AF6DF5E64D}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 124929
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
Accept-Ranges: bytes
Date: Sun, 09 Feb 2025 13:24:46 GMT
Via: 1.1 varnish
Age: 363086
X-Served-By: cache-lcy-eglc8600079-LCY
X-Cache: HIT
X-Cache-Hits: 66052
X-Timer: S1739107486.163859,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 86346-211274/177180216
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

Remote address:

199.232.210.172:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=211275-247642
User-Agent: Microsoft BITS/7.8
X-Old-UID: {E9950DC1-872A-4F74-97D7-F9AF6DF5E64D}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 36368
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
Accept-Ranges: bytes
Date: Sun, 09 Feb 2025 13:24:49 GMT
Via: 1.1 varnish
Age: 363089
X-Served-By: cache-lcy-eglc8600079-LCY
X-Cache: HIT
X-Cache-Hits: 66053
X-Timer: S1739107489.456263,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 211275-247642/177180216
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

Remote address:

199.232.210.172:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=247643-283061
User-Agent: Microsoft BITS/7.8
X-Old-UID: {E9950DC1-872A-4F74-97D7-F9AF6DF5E64D}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 35419
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
Accept-Ranges: bytes
Date: Sun, 09 Feb 2025 13:25:14 GMT
Via: 1.1 varnish
Age: 363114
X-Served-By: cache-lcy-eglc8600079-LCY
X-Cache: HIT
X-Cache-Hits: 66057
X-Timer: S1739107515.600103,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 247643-283061/177180216
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

Remote address:

199.232.210.172:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=283062-315626
User-Agent: Microsoft BITS/7.8
X-Old-UID: {E9950DC1-872A-4F74-97D7-F9AF6DF5E64D}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 32565
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
Accept-Ranges: bytes
Date: Sun, 09 Feb 2025 13:25:15 GMT
Via: 1.1 varnish
Age: 363115
X-Served-By: cache-lcy-eglc8600079-LCY
X-Cache: HIT
X-Cache-Hits: 66058
X-Timer: S1739107515.204672,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 283062-315626/177180216
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

Remote address:

199.232.210.172:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=315627-339733
User-Agent: Microsoft BITS/7.8
X-Old-UID: {E9950DC1-872A-4F74-97D7-F9AF6DF5E64D}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 24107
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
Accept-Ranges: bytes
Date: Sun, 09 Feb 2025 13:25:17 GMT
Via: 1.1 varnish
Age: 363117
X-Served-By: cache-lcy-eglc8600079-LCY
X-Cache: HIT
X-Cache-Hits: 66059
X-Timer: S1739107518.836932,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 315627-339733/177180216
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

Remote address:

199.232.210.172:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=339734-356098
User-Agent: Microsoft BITS/7.8
X-Old-UID: {E9950DC1-872A-4F74-97D7-F9AF6DF5E64D}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 16365
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
Accept-Ranges: bytes
Date: Sun, 09 Feb 2025 13:25:22 GMT
Via: 1.1 varnish
Age: 363122
X-Served-By: cache-lcy-eglc8600079-LCY
X-Cache: HIT
X-Cache-Hits: 66060
X-Timer: S1739107523.686655,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 339734-356098/177180216
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

Remote address:

199.232.210.172:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=356099-372243
User-Agent: Microsoft BITS/7.8
X-Old-UID: {E9950DC1-872A-4F74-97D7-F9AF6DF5E64D}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 16145
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
Accept-Ranges: bytes
Date: Sun, 09 Feb 2025 13:25:29 GMT
Via: 1.1 varnish
Age: 363129
X-Served-By: cache-lcy-eglc8600079-LCY
X-Cache: HIT
X-Cache-Hits: 66062
X-Timer: S1739107530.822324,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 356099-372243/177180216
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

Remote address:

199.232.210.172:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=372244-394962
User-Agent: Microsoft BITS/7.8
X-Old-UID: {E9950DC1-872A-4F74-97D7-F9AF6DF5E64D}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 22719
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
Accept-Ranges: bytes
Date: Sun, 09 Feb 2025 13:25:30 GMT
Via: 1.1 varnish
Age: 363130
X-Served-By: cache-lcy-eglc8600079-LCY
X-Cache: HIT
X-Cache-Hits: 66063
X-Timer: S1739107530.081322,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 372244-394962/177180216
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

Remote address:

199.232.210.172:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=394963-427510
User-Agent: Microsoft BITS/7.8
X-Old-UID: {E9950DC1-872A-4F74-97D7-F9AF6DF5E64D}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 32548
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
Accept-Ranges: bytes
Date: Sun, 09 Feb 2025 13:25:31 GMT
Via: 1.1 varnish
Age: 363131
X-Served-By: cache-lcy-eglc8600079-LCY
X-Cache: HIT
X-Cache-Hits: 66064
X-Timer: S1739107531.090015,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 394963-427510/177180216
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

Remote address:

199.232.210.172:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=427511-449185
User-Agent: Microsoft BITS/7.8
X-Old-UID: {E9950DC1-872A-4F74-97D7-F9AF6DF5E64D}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 21675
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
Accept-Ranges: bytes
Date: Sun, 09 Feb 2025 13:25:34 GMT
Via: 1.1 varnish
Age: 363134
X-Served-By: cache-lcy-eglc8600079-LCY
X-Cache: HIT
X-Cache-Hits: 66065
X-Timer: S1739107534.114497,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 427511-449185/177180216
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

Remote address:

199.232.210.172:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=449186-488865
User-Agent: Microsoft BITS/7.8
X-Old-UID: {E9950DC1-872A-4F74-97D7-F9AF6DF5E64D}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 39680
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
Accept-Ranges: bytes
Date: Sun, 09 Feb 2025 13:25:35 GMT
Via: 1.1 varnish
Age: 363135
X-Served-By: cache-lcy-eglc8600079-LCY
X-Cache: HIT
X-Cache-Hits: 66066
X-Timer: S1739107535.148769,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 449186-488865/177180216
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

Remote address:

199.232.210.172:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=488866-521830
User-Agent: Microsoft BITS/7.8
X-Old-UID: {E9950DC1-872A-4F74-97D7-F9AF6DF5E64D}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 32965
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
Accept-Ranges: bytes
Date: Sun, 09 Feb 2025 13:25:36 GMT
Via: 1.1 varnish
Age: 363136
X-Served-By: cache-lcy-eglc8600079-LCY
X-Cache: HIT
X-Cache-Hits: 66067
X-Timer: S1739107537.584530,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 488866-521830/177180216
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

Remote address:

199.232.210.172:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=521831-545211
User-Agent: Microsoft BITS/7.8
X-Old-UID: {E9950DC1-872A-4F74-97D7-F9AF6DF5E64D}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 23381
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
Accept-Ranges: bytes
Date: Sun, 09 Feb 2025 13:25:38 GMT
Via: 1.1 varnish
Age: 363137
X-Served-By: cache-lcy-eglc8600079-LCY
X-Cache: HIT
X-Cache-Hits: 66068
X-Timer: S1739107538.022728,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 521831-545211/177180216
DNS

msedge.b.tlu.dl.delivery.mp.microsoft.com

Remote address:

8.8.8.8:53

Request

msedge.b.tlu.dl.delivery.mp.microsoft.com

IN A

Response

msedge.b.tlu.dl.delivery.mp.microsoft.com

IN CNAME

star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

IN CNAME

cdp-f-tlu-net.trafficmanager.net

cdp-f-tlu-net.trafficmanager.net

IN CNAME

wildcard.f.tlu.dl.delivery.mp.microsoft.com.edgesuite.net

wildcard.f.tlu.dl.delivery.mp.microsoft.com.edgesuite.net

IN CNAME

a1847.dscd.akamai.net

a1847.dscd.akamai.net

IN A

2.20.12.95

a1847.dscd.akamai.net

IN A

2.20.12.74

150.171.27.10:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=16f63c840fd045578ec46edb3fa0bc6d&localId=w:BDBD1D39-EB17-EEE6-333E-10C0518E7AF4&deviceId=6896210752764985&anid=

tls, http2

2.3kB
9.9kB
23
17

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=16f63c840fd045578ec46edb3fa0bc6d&localId=w:BDBD1D39-EB17-EEE6-333E-10C0518E7AF4&deviceId=6896210752764985&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=16f63c840fd045578ec46edb3fa0bc6d&localId=w:BDBD1D39-EB17-EEE6-333E-10C0518E7AF4&deviceId=6896210752764985&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=16f63c840fd045578ec46edb3fa0bc6d&localId=w:BDBD1D39-EB17-EEE6-333E-10C0518E7AF4&deviceId=6896210752764985&anid=

HTTP Response

204
4.175.87.113:443

msedge.api.cdp.microsoft.com

260 B
5
95.100.153.187:443

https://www.bing.com/th?id=OADD2.10239414284817_1UVYYSBXC4CID8KBL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90

tls, http2

1.7kB
9.4kB
21
16

HTTP Request

GET https://www.bing.com/th?id=OADD2.10239414284817_1UVYYSBXC4CID8KBL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90

HTTP Response

200
196.119.16.59:10000

doddyfire.linkpc.net

chargeable.exe

260 B
5
4.175.87.113:443

https://msedge.api.cdp.microsoft.com/api/v1.1/internal/contents/Browser/namespaces/Default/names/msedge-stable-win-x64/versions/132.0.2957.140/files?action=GenerateDownloadInfo&foregroundPriority=false

tls, http2

5.8kB
14.5kB
27
21

HTTP Request

POST https://msedge.api.cdp.microsoft.com/api/v2/contents/Browser/namespaces/Default/names?action=batchupdates

HTTP Response

200

HTTP Request

POST https://msedge.api.cdp.microsoft.com/api/v1.1/internal/contents/Browser/namespaces/Default/names/msedge-stable-win-x64/versions/132.0.2957.140/files?action=GenerateDownloadInfo&foregroundPriority=false

HTTP Response

200
199.232.210.172:80

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

http

40.8kB
609.9kB
365
488

HTTP Request

HEAD http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

HTTP Response

200

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739712249&P2=404&P3=2&P4=RIFMVaNeOvHt1wnS66Of20a3j8tyMwjP9XFq64QcA%2fPNbox7vuRmYYCGliNo9KPIyS05v%2bBIXn7DMa5UeDYcTw%3d%3d

HTTP Response

206
196.119.16.59:10000

doddyfire.linkpc.net

chargeable.exe

260 B
5
196.119.16.59:10000

doddyfire.linkpc.net

chargeable.exe

260 B
5
196.119.16.59:10000

doddyfire.linkpc.net

chargeable.exe

260 B
5
196.119.16.59:10000

doddyfire.linkpc.net

chargeable.exe

104 B
2

8.8.8.8:53

g.bing.com

dns

56 B
148 B
1
1

DNS Request

g.bing.com

DNS Response

150.171.27.10

150.171.28.10
8.8.8.8:53

msedge.api.cdp.microsoft.com

dns

74 B
158 B
1
1

DNS Request

msedge.api.cdp.microsoft.com

DNS Response

4.175.87.113
8.8.8.8:53

doddyfire.linkpc.net

dns

chargeable.exe

198 B
82 B
3
1

DNS Request

doddyfire.linkpc.net

DNS Request

doddyfire.linkpc.net

DNS Request

doddyfire.linkpc.net

DNS Response

196.119.16.59
8.8.8.8:53

msedge.b.tlu.dl.delivery.mp.microsoft.com

dns

87 B
266 B
1
1

DNS Request

msedge.b.tlu.dl.delivery.mp.microsoft.com

DNS Response

199.232.210.172

199.232.214.172
8.8.8.8:53

msedge.b.tlu.dl.delivery.mp.microsoft.com

dns

87 B
328 B
1
1

DNS Request

msedge.b.tlu.dl.delivery.mp.microsoft.com

DNS Response

2.20.12.95

2.20.12.74

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\chargeable.exe.log

Filesize
400B

MD5
0a9b4592cd49c3c21f6767c2dabda92f

SHA1
f534297527ae5ccc0ecb2221ddeb8e58daeb8b74

SHA256
c7effe9cb81a70d738dee863991afefab040290d4c4b78b4202383bcb9f88fcd

SHA512
6b878df474e5bbfb8e9e265f15a76560c2ef151dcebc6388c82d7f6f86ffaf83f5ade5a09f1842e493cb6c8fd63b0b88d088c728fd725f7139f965a5ee332307

Download Submit
C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe

Filesize
121KB

MD5
b8559edc3ab5664ce47b54e446410466

SHA1
59a91ecb7200892804cc3efbd0923f6689455055

SHA256
3e887a00549e69ddcede8da3314345b5f6409295d21fe36d094196c70b57d34e

SHA512
c345ad03ea556c813c1ae67c63e1aad0bce64857464d582a2d1815f9b5d6a676674d03dc9b6bf7b23e4dd765fa867c878295698e6e0ce59a8d82ee0145010e52

Download Submit
memory/620-21-0x0000000073D20000-0x00000000742D1000-memory.dmp

Filesize
5.7MB

Download
memory/620-29-0x0000000073D20000-0x00000000742D1000-memory.dmp

Filesize
5.7MB

Download
memory/620-24-0x0000000073D20000-0x00000000742D1000-memory.dmp

Filesize
5.7MB

Download
memory/620-23-0x0000000073D20000-0x00000000742D1000-memory.dmp

Filesize
5.7MB

Download
memory/1892-7-0x0000000073D22000-0x0000000073D23000-memory.dmp

Filesize
4KB

Download
memory/1892-20-0x0000000073D20000-0x00000000742D1000-memory.dmp

Filesize
5.7MB

Download
memory/1892-22-0x0000000073D20000-0x00000000742D1000-memory.dmp

Filesize
5.7MB

Download
memory/1892-8-0x0000000073D20000-0x00000000742D1000-memory.dmp

Filesize
5.7MB

Download
memory/1892-0-0x0000000073D22000-0x0000000073D23000-memory.dmp

Filesize
4KB

Download
memory/1892-2-0x0000000073D20000-0x00000000742D1000-memory.dmp

Filesize
5.7MB

Download
memory/1892-1-0x0000000073D20000-0x00000000742D1000-memory.dmp

Filesize
5.7MB

Download
memory/4676-25-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads