dd95ff1cd98b08e9c099e668053ce125c5feed1820d8e1b1f03b422010417b00

Analysis

max time kernel
134s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20250207-en
resource tags

arch:x64arch:x86image:win10v2004-20250207-enlocale:en-usos:windows10-2004-x64system
submitted
08/02/2025, 19:31 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Uninstall.exe
Size

44KB
MD5

83cac9da65204dca68d957c5731a7059
SHA1

0291f20c8144494e9eb06b818bed447afee91f09
SHA256

9704a03d01c430189525b18b519d77337e230ccd09ca37d2ee1a25a38f5cec0f
SHA512

4be4fc5cfd21ba4affff87ca1698ba63a62a2d899538ba6034e71a2451d63f545b4e29f8fd5875e0339f97eca360b46fac85d7ca26c7e37a8ea4b3ca65457673
SSDEEP

768:2QSYaefDRwYxmDTR9RAdJF4cZqF86eWkJ6ls5PyXbNOEF5M8awPPw:jjae1wYxmBBoskJt5REF5M8awPPw

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
77	2932	Process not Found

Deletes itself 1 IoCs

pid	Process
2912	Au_.exe

Executes dropped EXE 1 IoCs

pid	Process
2912	Au_.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Uninstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Au_.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
4532	MicrosoftEdgeUpdate.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
behavioral20/files/0x0007000000023e25-5.dat	nsis_installer_1

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4080	msedge.exe
4080	msedge.exe
4780	msedge.exe
4780	msedge.exe
2548	identity_helper.exe
2548	identity_helper.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe
4780	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 2912	2740	Uninstall.exe	90
PID 2740 wrote to memory of 2912	2740	Uninstall.exe	90
PID 2740 wrote to memory of 2912	2740	Uninstall.exe	90
PID 2912 wrote to memory of 4780	2912	Au_.exe	92
PID 2912 wrote to memory of 4780	2912	Au_.exe	92
PID 4780 wrote to memory of 2940	4780	msedge.exe	93
PID 4780 wrote to memory of 2940	4780	msedge.exe	93
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 1476	4780	msedge.exe	94
PID 4780 wrote to memory of 4080	4780	msedge.exe	95
PID 4780 wrote to memory of 4080	4780	msedge.exe	95
PID 4780 wrote to memory of 4304	4780	msedge.exe	96
PID 4780 wrote to memory of 4304	4780	msedge.exe	96
PID 4780 wrote to memory of 4304	4780	msedge.exe	96
PID 4780 wrote to memory of 4304	4780	msedge.exe	96
PID 4780 wrote to memory of 4304	4780	msedge.exe	96
PID 4780 wrote to memory of 4304	4780	msedge.exe	96
PID 4780 wrote to memory of 4304	4780	msedge.exe	96
PID 4780 wrote to memory of 4304	4780	msedge.exe	96
PID 4780 wrote to memory of 4304	4780	msedge.exe	96
PID 4780 wrote to memory of 4304	4780	msedge.exe	96
PID 4780 wrote to memory of 4304	4780	msedge.exe	96
PID 4780 wrote to memory of 4304	4780	msedge.exe	96
PID 4780 wrote to memory of 4304	4780	msedge.exe	96
PID 4780 wrote to memory of 4304	4780	msedge.exe	96
PID 4780 wrote to memory of 4304	4780	msedge.exe	96

C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
"C:\Users\Admin\AppData\Local\Temp\Uninstall.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
  "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.ardamax.com/keylogger/uninstall.html
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:4780
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff319a46f8,0x7fff319a4708,0x7fff319a4718
      4⤵
      PID:2940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,1571633755068009227,4509104853182727965,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
      4⤵
      PID:1476
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,1571633755068009227,4509104853182727965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,1571633755068009227,4509104853182727965,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
      4⤵
      PID:4304
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1571633755068009227,4509104853182727965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
      4⤵
      PID:2444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1571633755068009227,4509104853182727965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
      4⤵
      PID:4712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1571633755068009227,4509104853182727965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
      4⤵
      PID:4600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1571633755068009227,4509104853182727965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
      4⤵
      PID:904
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1571633755068009227,4509104853182727965,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
      4⤵
      PID:4180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,1571633755068009227,4509104853182727965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6276 /prefetch:8
      4⤵
      PID:800
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,1571633755068009227,4509104853182727965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6276 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2548
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1571633755068009227,4509104853182727965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
      4⤵
      PID:1464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1571633755068009227,4509104853182727965,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
      4⤵
      PID:1432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,1571633755068009227,4509104853182727965,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4948 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5024

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzEyN0E2MzktQzAyMS00NkY0LUJCODgtMEM0RDlBNTI4OTk0fSIgdXNlcmlkPSJ7MEJEMjQ3RUEtMEUxRi00NUQ5LTkzN0ItODJBNzY4MjlCMjNDfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7REE0QUE0MkUtQkY4RC00NEFELUI1NzktRTI5NzRDRjRCQ0IxfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIyIiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDU4NjAiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxODIxNjMwOTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1Mjg4NzM5ODY0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:4532

Network

DNS

www.ardamax.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.ardamax.com

IN A

Response

www.ardamax.com

IN A

72.52.178.23
GET

http://www.ardamax.com/keylogger/uninstall.html

msedge.exe

Remote address:

72.52.178.23:80

Request

GET /keylogger/uninstall.html HTTP/1.1
Host: www.ardamax.com
Connection: keep-alive
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Moved Temporarily

Date: Sun, 09 Feb 2025 22:11:48 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Location: http://ww12.ardamax.com/keylogger/uninstall.html?usid=25&utid=9103949694
Cache-Control: no-cache
Pragma: no-cache
Access-Control-Allow-Origin: *
DNS

ww12.ardamax.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ww12.ardamax.com

IN A

Response

ww12.ardamax.com

IN CNAME

084725.parkingcrew.net

084725.parkingcrew.net

IN A

76.223.26.96

084725.parkingcrew.net

IN A

13.248.148.254
GET

http://ww12.ardamax.com/keylogger/uninstall.html?usid=25&utid=9103949694

msedge.exe

Remote address:

76.223.26.96:80

Request

GET /keylogger/uninstall.html?usid=25&utid=9103949694 HTTP/1.1
Host: ww12.ardamax.com
Connection: keep-alive
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ch: viewport-width
Accept-Ch: dpr
Accept-Ch: device-memory
Accept-Ch: rtt
Accept-Ch: downlink
Accept-Ch: ect
Accept-Ch: ua
Accept-Ch: ua-full-version
Accept-Ch: ua-platform
Accept-Ch: ua-platform-version
Accept-Ch: ua-arch
Accept-Ch: ua-model
Accept-Ch: ua-mobile
Accept-Ch-Lifetime: 30
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Sun, 09 Feb 2025 22:11:48 GMT
Server: Caddy
Server: nginx
Vary: Accept-Encoding
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_Z/Gr0ASxD6TChvoisHK3y9KiDHBzotWflJhmq0A0riIIfS8xLOon3AkGOpSYNFXtjTWIITl9JhqkOM71qyreGA==
X-Buckets: bucket003
X-Domain: ardamax.com
X-Language: english
X-Pcrew-Blocked-Reason: hosting network
X-Pcrew-Ip-Organization: Datacamp
X-Subdomain: ww12
X-Template: tpl_CleanPeppermintBlack_twoclick
Transfer-Encoding: chunked
GET

http://ww12.ardamax.com/munin/a/tr/browserjs?domain=ardamax.com&toggle=browserjs&uid=MTczOTEzOTEwOC4yODcxOmUxYWI2ZjkxOGNhOTAyNjQ5YTExOTE3OWViOWE2OGYyY2U3YTU1NzQ2NTg3YTNlODE0Yjk0YjVlMmQ3MmUxMzU6NjdhOTI4MjQ0NjE0ZA%3D%3D

msedge.exe

Remote address:

76.223.26.96:80

Request

GET /munin/a/tr/browserjs?domain=ardamax.com&toggle=browserjs&uid=MTczOTEzOTEwOC4yODcxOmUxYWI2ZjkxOGNhOTAyNjQ5YTExOTE3OWViOWE2OGYyY2U3YTU1NzQ2NTg3YTNlODE0Yjk0YjVlMmQ3MmUxMzU6NjdhOTI4MjQ0NjE0ZA%3D%3D HTTP/1.1
Host: ww12.ardamax.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Referer: http://ww12.ardamax.com/keylogger/uninstall.html?usid=25&utid=9103949694
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ch: viewport-width
Accept-Ch: dpr
Accept-Ch: device-memory
Accept-Ch: rtt
Accept-Ch: downlink
Accept-Ch: ect
Accept-Ch: ua
Accept-Ch: ua-full-version
Accept-Ch: ua-platform
Accept-Ch: ua-platform-version
Accept-Ch: ua-arch
Accept-Ch: ua-model
Accept-Ch: ua-mobile
Accept-Ch-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Sun, 09 Feb 2025 22:11:50 GMT
Server: Caddy
Server: nginx
X-Custom-Track: browserjs
GET

http://ww12.ardamax.com/munin/a/ls?t=67a92824&token=490323773d8b8056338ccadeba4c49de794282de

msedge.exe

Remote address:

76.223.26.96:80

Request

GET /munin/a/ls?t=67a92824&token=490323773d8b8056338ccadeba4c49de794282de HTTP/1.1
Host: ww12.ardamax.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Referer: http://ww12.ardamax.com/keylogger/uninstall.html?usid=25&utid=9103949694
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 201 Created

Accept-Ch: viewport-width
Accept-Ch: dpr
Accept-Ch: device-memory
Accept-Ch: rtt
Accept-Ch: downlink
Accept-Ch: ect
Accept-Ch: ua
Accept-Ch: ua-full-version
Accept-Ch: ua-platform
Accept-Ch: ua-platform-version
Accept-Ch: ua-arch
Accept-Ch: ua-model
Accept-Ch: ua-mobile
Accept-Ch-Lifetime: 30
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Allow-Origin:
Access-Control-Max-Age: 86400
Charset: utf-8
Content-Type: text/javascript;charset=UTF-8
Date: Sun, 09 Feb 2025 22:11:50 GMT
Server: Caddy
Server: nginx
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_Olq5+vDb9/iIPpfCz8J4aI3kBSZDy9Qmwa+JliJMectwGdiqgQt293618lIQkrmia8dIfpMtu4Kv26AKVTBOmA==
X-Log-Success: 67a928264467e0e15009f182
Transfer-Encoding: chunked
GET

http://ww12.ardamax.com/munin/a/tr/answercheck/yes?domain=ardamax.com&caf=1&toggle=answercheck&answer=yes&uid=MTczOTEzOTEwOC4yODcxOmUxYWI2ZjkxOGNhOTAyNjQ5YTExOTE3OWViOWE2OGYyY2U3YTU1NzQ2NTg3YTNlODE0Yjk0YjVlMmQ3MmUxMzU6NjdhOTI4MjQ0NjE0ZA%3D%3D

msedge.exe

Remote address:

76.223.26.96:80

Request

GET /munin/a/tr/answercheck/yes?domain=ardamax.com&caf=1&toggle=answercheck&answer=yes&uid=MTczOTEzOTEwOC4yODcxOmUxYWI2ZjkxOGNhOTAyNjQ5YTExOTE3OWViOWE2OGYyY2U3YTU1NzQ2NTg3YTNlODE0Yjk0YjVlMmQ3MmUxMzU6NjdhOTI4MjQ0NjE0ZA%3D%3D HTTP/1.1
Host: ww12.ardamax.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Referer: http://ww12.ardamax.com/keylogger/uninstall.html?usid=25&utid=9103949694
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _cq_duid=1.1739139110.6CLt09GzhuPBTdvZ; _cq_suid=1.1739139110.13TcAynVGJ3o74N7

Response

HTTP/1.1 200 OK

Accept-Ch: viewport-width
Accept-Ch: dpr
Accept-Ch: device-memory
Accept-Ch: rtt
Accept-Ch: downlink
Accept-Ch: ect
Accept-Ch: ua
Accept-Ch: ua-full-version
Accept-Ch: ua-platform
Accept-Ch: ua-platform-version
Accept-Ch: ua-arch
Accept-Ch: ua-model
Accept-Ch: ua-mobile
Accept-Ch-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Sun, 09 Feb 2025 22:11:56 GMT
Server: Caddy
Server: nginx
X-Custom-Track: answercheck
GET

http://ww12.ardamax.com/favicon.ico

msedge.exe

Remote address:

76.223.26.96:80

Request

GET /favicon.ico HTTP/1.1
Host: ww12.ardamax.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://ww12.ardamax.com/keylogger/uninstall.html?usid=25&utid=9103949694
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _cq_duid=1.1739139110.6CLt09GzhuPBTdvZ; _cq_suid=1.1739139110.13TcAynVGJ3o74N7

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Length: 0
Content-Type: image/x-icon
Date: Sun, 09 Feb 2025 22:12:04 GMT
Etag: "670f7248-0"
Last-Modified: Wed, 16 Oct 2024 07:59:04 GMT
Server: Caddy
Server: nginx
DNS

parking3.parklogic.com

msedge.exe

Remote address:

8.8.8.8:53

Request

parking3.parklogic.com

IN A

Response

parking3.parklogic.com

IN A

170.187.143.93
DNS

parking3.parklogic.com

msedge.exe

Remote address:

8.8.8.8:53

Request

parking3.parklogic.com

IN A
DNS

euob.seaskydvd.com

msedge.exe

Remote address:

8.8.8.8:53

Request

euob.seaskydvd.com

IN A

Response

euob.seaskydvd.com

IN A

143.204.68.99

euob.seaskydvd.com

IN A

143.204.68.86

euob.seaskydvd.com

IN A

143.204.68.49

euob.seaskydvd.com

IN A

143.204.68.13
DNS

euob.seaskydvd.com

msedge.exe

Remote address:

8.8.8.8:53

Request

euob.seaskydvd.com

IN A
GET

https://parking3.parklogic.com/page/enhance.js?pcId=12&domain=ardamax.com

msedge.exe

Remote address:

170.187.143.93:443

Request

GET /page/enhance.js?pcId=12&domain=ardamax.com HTTP/2.0
host: parking3.parklogic.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: http://ww12.ardamax.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 09 Feb 2025 22:11:49 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
GET

https://euob.seaskydvd.com/sxp/i/224f85302aa2b6ec30aac9a85da2cbf9.js

msedge.exe

Remote address:

143.204.68.99:443

Request

GET /sxp/i/224f85302aa2b6ec30aac9a85da2cbf9.js HTTP/2.0
host: euob.seaskydvd.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: http://ww12.ardamax.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/javascript; charset=utf-8
content-length: 40025
content-encoding: gzip
server: Caddy
date: Sun, 09 Feb 2025 12:37:24 GMT
cache-control: max-age=43200
expires: Mon, 10 Feb 2025 00:37:24 GMT
etag: "1abd1-QhfsCp7/JUWQMBchym81gg1uTAg"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 3e01624605be2cc1fb592922856a08c6.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P1
x-amz-cf-id: 4P4RuDW_hjDR_C89f_j4XyBEuwtTjhTjukAMVXoEFMcNRestyj4oiQ==
age: 34466
GET

https://parking3.parklogic.com/page/scribe.php?pcId=12&domain=ardamax.com&pId=2447&usid=25&utid=9103949694&query=null&domainJs=ww12.ardamax.com&path=/keylogger/uninstall.html&ss=true&lp=1&tzB=UTC&wd=false&gpu=null

msedge.exe

Remote address:

170.187.143.93:443

Request

GET /page/scribe.php?pcId=12&domain=ardamax.com&pId=2447&usid=25&utid=9103949694&query=null&domainJs=ww12.ardamax.com&path=/keylogger/uninstall.html&ss=true&lp=1&tzB=UTC&wd=false&gpu=null HTTP/2.0
host: parking3.parklogic.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: http://ww12.ardamax.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: http://ww12.ardamax.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 09 Feb 2025 22:11:55 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
content-encoding: gzip
DNS

www.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

216.58.204.68
DNS

d38psrni17bvxu.cloudfront.net

msedge.exe

Remote address:

8.8.8.8:53

Request

d38psrni17bvxu.cloudfront.net

IN A

Response

d38psrni17bvxu.cloudfront.net

IN A

99.86.249.190

d38psrni17bvxu.cloudfront.net

IN A

99.86.249.202

d38psrni17bvxu.cloudfront.net

IN A

99.86.249.97

d38psrni17bvxu.cloudfront.net

IN A

99.86.249.105
GET

http://www.google.com/adsense/domains/caf.js?abp=1&adsdeli=true

msedge.exe

Remote address:

216.58.204.68:80

Request

GET /adsense/domains/caf.js?abp=1&adsdeli=true HTTP/1.1
Host: www.google.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Referer: http://ww12.ardamax.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
Date: Sun, 09 Feb 2025 22:11:52 GMT
Expires: Sun, 09 Feb 2025 22:11:52 GMT
Cache-Control: private, max-age=3600
ETag: "10645322787274142848"
X-Content-Type-Options: nosniff
Link: <https://syndicatedsearch.goog>; rel="preconnect"
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: sffe
X-XSS-Protection: 0
GET

http://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png

msedge.exe

Remote address:

99.86.249.190:80

Request

GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://ww12.ardamax.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/png
Content-Length: 11375
Connection: keep-alive
Server: nginx
Date: Sun, 09 Feb 2025 11:06:04 GMT
Last-Modified: Thu, 21 Mar 2024 11:48:11 GMT
ETag: "65fc1e7b-2c6f"
Accept-Ranges: bytes
X-Cache: Hit from cloudfront
Via: 1.1 9a0da3962832290b2dd219763f12257a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR3-C2
X-Amz-Cf-Id: Vpnzuwne5ILCytee2ntbtTHA8D3ipReYI99Ky0OkGCPIl3dyQ7Fjvw==
Age: 39948
DNS

obseu.seaskydvd.com

msedge.exe

Remote address:

8.8.8.8:53

Request

obseu.seaskydvd.com

IN A

Response

obseu.seaskydvd.com

IN A

3.248.162.96

obseu.seaskydvd.com

IN A

34.251.101.162

obseu.seaskydvd.com

IN A

54.75.69.192
GET

https://obseu.seaskydvd.com/ct?id=80705&url=http%3A%2F%2Fww12.ardamax.com%2Fkeylogger%2Funinstall.html%3Fusid%3D25%26utid%3D9103949694&sf=0&tpi=&ch=AdsDeli%20-%20domain%20-%20landingpage&uvid=490323773d8b8056338ccadeba4c49de794282de&tsf=0&tsfmi=&tsfu=&cb=1739139110792&hl=1&op=0&ag=2318139085&rand=73082850582060111252027085020019000080157011066188256092600902268851272696729151518767&fs=1280x609&fst=1280x609&np=win32&nv=google%20inc.&ref=&ss=1280x720&nc=0&at=&di=W1siZWYiLDc2MzRdLFsiYWJuY2giLDEzXSxbLTEyLCJcIjFcIiJdLFstMjMsIisiXSxbLTQzLCIwMDAwMDAwMTAxMDAwMDAxMDAwMTEwMTEwMTAwMTEwMTAwMDAwMTAiXSxbLTQ3LCJVVEMsZW4tVVMsbGF0bixncmVnb3J5Il0sWy02MCwxOTJdLFstNzEsImEwMDAwMTAxMTAwMTAwMTAwMDAwMTAxMDAwMDExMTAwMDAwMDEwIl0sWy0yOCwiZW4tVVMsZW4iXSxbLTM0LCItIl0sWy00MCwiMzMiXSxbLTQ5LCItIl0sWy01MSwiLSJdLFstNTksImRlbmllZCJdLFstNjIsIjgwIl0sWy0xLCItIl0sWy02MywiMCJdLFstNjUsIi0iXSxbLTcwLCItIl0sWy0xNywiOCJdLFstMzgsImksLTEsLTEsNzkxLDAsMiwwLDYxLDM0LDgzLC0xLDAsMTA0NCwzNTA1LDM3NDEsMzc0MiJdLFstNDYsIjAiXSxbLTUwLCItIl0sWy01MiwiLSJdLFstNTUsIjAiXSxbLTE1LCItIl0sWy0yNSwiLSJdLFstNDUsIjYyMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDY1MiwwLDAsMCw2NzIsMCw2NzMsMCwwLDAsMCwwLDAsMCwwLDAsNjc3LDAsNjc2LDAsNjE3Il0sWy01NCwie1wiaFwiOltcIjMyOTk3Mjg0NTJcIixcIjgyMjgyMzExOVwiLFwiXzNcIixcIjI4NzI4OTkzMjBcIl0sXCJkXCI6W10sXCJiXCI6W1wiXzBcIixcIjI2NDYwMzg4MlwiXSxcInNcIjoxfSJdLFstNjcsIi0iXSxbLTksIisiXSxbLTE0LCItIl0sWy0xNiwiMCJdLFstMTgsIlswLDAsMCwxXSJdLFstMzIsIjAiXSxbLTM1LCJbMTczOTEzOTExMDUxMiwwXSJdLFstMzcsIi0xMDktNTQtNTgtIl0sWy0zLCJbXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJtaGpmYm1kZ2NmamJicGFlb2pvZm9ob2VmZ2llaGphaVwiLFwiaW50ZXJuYWwtbmFjbC1wbHVnaW5cIl0iXSxbLTEwLCItIl0sWy0xMSwie1widFwiOlwiXCIsXCJtXCI6W119Il0sWy0xOSwiWzAsMCwwLDAsMCwwLDEsMjQsMjQsXCItXCIsMTI4MCw2ODAsMTI4MCw3MjAsMTI4MCw2ODAsMTI4MCw2MDksMCwwLDAsMCxcIi1cIixcIi1cIiwxMjYzLDYwOSxudWxsXSJdLFstMjAsIi0iXSxbLTU4LCItIl0sWy02OSwiV2luMzJ8R29vZ2xlIEluYy58fDh8LXwtIl0sWy01LCItIl0sWy02LCJ7XCJ3XCI6W1wiMFwiLFwidXNpZFwiLFwidXRpZFwiLFwicGF0aFwiLFwiZ2V0R1BVVmVuZG9yXCIsXCJ0Y2Jsb2NrXCIsXCJzZWFyY2hib3hCbG9ja1wiLFwiZ2V0WE1MaHR0cFwiLFwiYWpheFF1ZXJ5XCIsXCJhamF4QmFja2ZpbGxcIixcImxvYWRGZWVkXCIsXCJ4bWxIdHRwXCIsXCJsc1wiLFwiZ2V0TG9hZEZlZWRBcmd1bWVudHNcIixcIl9fY3RjZ19jdF84MDcwNV9leGVjXCJdLFwiblwiOltdLFwiZFwiOltdfSJdLFstMjIsIltcIm5cIixcIm5cIl0iXSxbLTI0LCJbXSJdLFstMjcsIlsxMDAsMS41NSwwLFwiNGdcIixudWxsXSJdLFstMzEsImZhbHNlIl0sWy0zNiwiW1wiMTYvOVwiLFwiMTYvOVwiXSJdLFstNDQsIjAsMCwwLDUiXSxbLTU2LCJsYW5kc2NhcGUtcHJpbWFyeSJdLFstNywiLSJdLFstOCwiLSJdLFstMTMsIi0iXSxbLTIxLCItIl0sWy0yNiwie1widGpoc1wiOjM3Mzk1MTIsXCJ1amhzXCI6MzQ2MjY5MixcImpoc2xcIjoyMTcyNjQ5NDcyfSJdLFstMzAsIltcInZcIiwwXSJdLFstMzksIltcIjIwMDMwMTA3XCIsNCxcIkdlY2tvXCIsXCJOZXRzY2FwZVwiLFwiTW96aWxsYVwiLG51bGwsbnVsbCxmYWxzZSxudWxsLGZhbHNlLG51bGwsMyxudWxsLGZhbHNlLG51bGwsMCxmYWxzZSxmYWxzZV0iXSxbLTQyLCIxNzI0Mjk3NjUzIl0sWy00OCwiMCwwIl0sWy02MSwiLSJdLFstNjYsImdlb2xvY2F0aW9uLG1pZGksY2hlY3QsdXNiLG1hZ25ldG9tZXRlcixwaWN0dXJlaW5waWN0dXJlLHB1YmxpY2tleWNyZWRlbnRpYWxzZ2V0LGFjY2VsZXJvbWV0ZXIsZG9jdW1lbnRkb21haW4sc2VyaWFsLGVuY3J5cHRlZG1lZGlhLGNoZG93bmxpbmssY2h1YWFyY2gsY2xpcGJvYXJkd3JpdGUsY2hwcmVmZXJzY29sb3JzY2hlbWUsc3luY3hocixjaHdpZHRoLGNodWFwbGF0Zm9ybXZlcnNpb24sY2h1YW1vZGVsLHhyc3BhdGlhbHRyYWNraW5nLGNobGFuZyxjbGlwYm9hcmRyZWFkLGNhbWVyYSxjaHZpZXdwb3J0d2lkdGgscGF5bWVudCxjaHJ0dCxjaHVhZnVsbHZlcnNpb24sZnVsbHNjcmVlbixhdXRvcGxheSxzdG9yYWdlYWNjZXNzYXBpLGNyb3Nzb3JpZ2luaXNvbGF0ZWQsY2hkcHIsaGlkLGNodWFwbGF0Zm9ybSxzY3JlZW53YWtlbG9jayxneXJvc2NvcGUsY2h1YW1vYmlsZSxjaGRldmljZW1lbW9yeSxjaHVhLG1pY3JvcGhvbmUiXSxbMTIsIntcImN0eFwiOlwid2ViZ2xcIixcInZcIjpcImdvb2dsZSBpbmMuIChudmlkaWEpXCIsXCJyXCI6XCJhbmdsZSAobnZpZGlhLCBudmlkaWEgZ2Vmb3JjZSBydHggMzA2MCB0aSBkaXJlY3QzZDExIHZzXzVfMCBwc181XzAsIGQzZDExLTEwLjAuMTkwNDEuNTQ2KVwiLFwic2x2XCI6XCJ3ZWJnbCBnbHNsIGVzIDEuMCAob3BlbmdsIGVzIGdsc2wgZXMgMS4wIGNocm9taXVtKVwiLFwiZ3ZlclwiOlwid2ViZ2wgMS4wIChvcGVuZ2wgZXMgMi4wIGNocm9taXVtKVwiLFwiZ3ZlblwiOlwid2Via2l0XCIsXCJiZW5cIjoyMSxcIndnbFwiOjEsXCJncmVuXCI6XCJ3ZWJraXQgd2ViZ2xcIixcInNlZlwiOjI4Mzg2MzE3MTYsXCJzZWNcIjpcIlwifSJdLFstNCwiLSJdLFstMjksIi0iXSxbLTMzLCItIl0sWy01MywiMTAwIl0sWy01NywiV0UwWmVFdExXRUFYVDF3WkVWRk5UVWxLQXhZV1hFeFdXeGRLWEZoS1VrQmRUMTBYV2xaVUZrcEJTUlpRRmdzTERWOEJEQW9KQzFoWUMxc1BYRm9LQ1ZoWVdnQllBUXhkV0F0YVcxOEFGMU5LQXdnRER3QUxDQThRRlZoTkdVc1pFVkZOVFVsS0F4WVdYRXhXV3hkS1hGaEtVa0JkVDEwWFdsWlVGa3BCU1JaUUZnc0xEVjhCREFvSkMxaFlDMXNQWEZvS0NWaFlXZ0JZQVF4ZFdBdGFXMThBRjFOS0F3Z0REZ29CQUE0USJdLFstNjQsIi0iXSxbLTY4LCItIl0sWyJibmNoIiwzMjZdLFstMiwiMjIzLGVjWFZXMS90cnRuSHR1bVQ2VFRIb2pwRkFsQkFLRUpnYURSanFDTkduU0JWVEV3bnZHSnlnUGxhZW9ZS0dJOUFDaUZBR0pFRHFFVUFMSmhQUmtVaWJUeXkzbm5GMy92M1h1M0ciXSxbLTQxLCItIl0sWyJkZGIiLCIxLDIyMywxLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwxLDEsMCwxLDAsMCwwLDYsMSwyMjEsMCwxLDAsMTIsMCwwLDAsMCwwLDAsMSwwLDgsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMSJdLFsiY2IiLCIwLDAsMCwwLDAsMCwwLDAsMCwyLDAsMCwyNSwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMiwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMSwwLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDAsMSwwLDAsMSwwLDAsMSwwLDcsMCwwLDAsMCwwLDAsMCwwLDAsMCwwIl1d&dep=0&pre=0&sdd=&cri=Xx6jkHemlx&pto=4256&ver=63&gac=-&mei=&ap=&fe=1&duid=1.1739139110.6CLt09GzhuPBTdvZ&suid=1.1739139110.13TcAynVGJ3o74N7&tuid=1.1739139110.TL3sGezNRWNyz5dO&fbc=-&gtm=-&it=7%2C1013%2C2668&fbcl=-&gacl=-&gacsd=-&rtic=-&bgc=-&spa=1&urid=0&ab=&sck=-&io=aGA2Og%3D%3D

msedge.exe

Remote address:

3.248.162.96:443

Request

GET /ct?id=80705&url=http%3A%2F%2Fww12.ardamax.com%2Fkeylogger%2Funinstall.html%3Fusid%3D25%26utid%3D9103949694&sf=0&tpi=&ch=AdsDeli%20-%20domain%20-%20landingpage&uvid=490323773d8b8056338ccadeba4c49de794282de&tsf=0&tsfmi=&tsfu=&cb=1739139110792&hl=1&op=0&ag=2318139085&rand=73082850582060111252027085020019000080157011066188256092600902268851272696729151518767&fs=1280x609&fst=1280x609&np=win32&nv=google%20inc.&ref=&ss=1280x720&nc=0&at=&di=W1siZWYiLDc2MzRdLFsiYWJuY2giLDEzXSxbLTEyLCJcIjFcIiJdLFstMjMsIisiXSxbLTQzLCIwMDAwMDAwMTAxMDAwMDAxMDAwMTEwMTEwMTAwMTEwMTAwMDAwMTAiXSxbLTQ3LCJVVEMsZW4tVVMsbGF0bixncmVnb3J5Il0sWy02MCwxOTJdLFstNzEsImEwMDAwMTAxMTAwMTAwMTAwMDAwMTAxMDAwMDExMTAwMDAwMDEwIl0sWy0yOCwiZW4tVVMsZW4iXSxbLTM0LCItIl0sWy00MCwiMzMiXSxbLTQ5LCItIl0sWy01MSwiLSJdLFstNTksImRlbmllZCJdLFstNjIsIjgwIl0sWy0xLCItIl0sWy02MywiMCJdLFstNjUsIi0iXSxbLTcwLCItIl0sWy0xNywiOCJdLFstMzgsImksLTEsLTEsNzkxLDAsMiwwLDYxLDM0LDgzLC0xLDAsMTA0NCwzNTA1LDM3NDEsMzc0MiJdLFstNDYsIjAiXSxbLTUwLCItIl0sWy01MiwiLSJdLFstNTUsIjAiXSxbLTE1LCItIl0sWy0yNSwiLSJdLFstNDUsIjYyMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDY1MiwwLDAsMCw2NzIsMCw2NzMsMCwwLDAsMCwwLDAsMCwwLDAsNjc3LDAsNjc2LDAsNjE3Il0sWy01NCwie1wiaFwiOltcIjMyOTk3Mjg0NTJcIixcIjgyMjgyMzExOVwiLFwiXzNcIixcIjI4NzI4OTkzMjBcIl0sXCJkXCI6W10sXCJiXCI6W1wiXzBcIixcIjI2NDYwMzg4MlwiXSxcInNcIjoxfSJdLFstNjcsIi0iXSxbLTksIisiXSxbLTE0LCItIl0sWy0xNiwiMCJdLFstMTgsIlswLDAsMCwxXSJdLFstMzIsIjAiXSxbLTM1LCJbMTczOTEzOTExMDUxMiwwXSJdLFstMzcsIi0xMDktNTQtNTgtIl0sWy0zLCJbXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJtaGpmYm1kZ2NmamJicGFlb2pvZm9ob2VmZ2llaGphaVwiLFwiaW50ZXJuYWwtbmFjbC1wbHVnaW5cIl0iXSxbLTEwLCItIl0sWy0xMSwie1widFwiOlwiXCIsXCJtXCI6W119Il0sWy0xOSwiWzAsMCwwLDAsMCwwLDEsMjQsMjQsXCItXCIsMTI4MCw2ODAsMTI4MCw3MjAsMTI4MCw2ODAsMTI4MCw2MDksMCwwLDAsMCxcIi1cIixcIi1cIiwxMjYzLDYwOSxudWxsXSJdLFstMjAsIi0iXSxbLTU4LCItIl0sWy02OSwiV2luMzJ8R29vZ2xlIEluYy58fDh8LXwtIl0sWy01LCItIl0sWy02LCJ7XCJ3XCI6W1wiMFwiLFwidXNpZFwiLFwidXRpZFwiLFwicGF0aFwiLFwiZ2V0R1BVVmVuZG9yXCIsXCJ0Y2Jsb2NrXCIsXCJzZWFyY2hib3hCbG9ja1wiLFwiZ2V0WE1MaHR0cFwiLFwiYWpheFF1ZXJ5XCIsXCJhamF4QmFja2ZpbGxcIixcImxvYWRGZWVkXCIsXCJ4bWxIdHRwXCIsXCJsc1wiLFwiZ2V0TG9hZEZlZWRBcmd1bWVudHNcIixcIl9fY3RjZ19jdF84MDcwNV9leGVjXCJdLFwiblwiOltdLFwiZFwiOltdfSJdLFstMjIsIltcIm5cIixcIm5cIl0iXSxbLTI0LCJbXSJdLFstMjcsIlsxMDAsMS41NSwwLFwiNGdcIixudWxsXSJdLFstMzEsImZhbHNlIl0sWy0zNiwiW1wiMTYvOVwiLFwiMTYvOVwiXSJdLFstNDQsIjAsMCwwLDUiXSxbLTU2LCJsYW5kc2NhcGUtcHJpbWFyeSJdLFstNywiLSJdLFstOCwiLSJdLFstMTMsIi0iXSxbLTIxLCItIl0sWy0yNiwie1widGpoc1wiOjM3Mzk1MTIsXCJ1amhzXCI6MzQ2MjY5MixcImpoc2xcIjoyMTcyNjQ5NDcyfSJdLFstMzAsIltcInZcIiwwXSJdLFstMzksIltcIjIwMDMwMTA3XCIsNCxcIkdlY2tvXCIsXCJOZXRzY2FwZVwiLFwiTW96aWxsYVwiLG51bGwsbnVsbCxmYWxzZSxudWxsLGZhbHNlLG51bGwsMyxudWxsLGZhbHNlLG51bGwsMCxmYWxzZSxmYWxzZV0iXSxbLTQyLCIxNzI0Mjk3NjUzIl0sWy00OCwiMCwwIl0sWy02MSwiLSJdLFstNjYsImdlb2xvY2F0aW9uLG1pZGksY2hlY3QsdXNiLG1hZ25ldG9tZXRlcixwaWN0dXJlaW5waWN0dXJlLHB1YmxpY2tleWNyZWRlbnRpYWxzZ2V0LGFjY2VsZXJvbWV0ZXIsZG9jdW1lbnRkb21haW4sc2VyaWFsLGVuY3J5cHRlZG1lZGlhLGNoZG93bmxpbmssY2h1YWFyY2gsY2xpcGJvYXJkd3JpdGUsY2hwcmVmZXJzY29sb3JzY2hlbWUsc3luY3hocixjaHdpZHRoLGNodWFwbGF0Zm9ybXZlcnNpb24sY2h1YW1vZGVsLHhyc3BhdGlhbHRyYWNraW5nLGNobGFuZyxjbGlwYm9hcmRyZWFkLGNhbWVyYSxjaHZpZXdwb3J0d2lkdGgscGF5bWVudCxjaHJ0dCxjaHVhZnVsbHZlcnNpb24sZnVsbHNjcmVlbixhdXRvcGxheSxzdG9yYWdlYWNjZXNzYXBpLGNyb3Nzb3JpZ2luaXNvbGF0ZWQsY2hkcHIsaGlkLGNodWFwbGF0Zm9ybSxzY3JlZW53YWtlbG9jayxneXJvc2NvcGUsY2h1YW1vYmlsZSxjaGRldmljZW1lbW9yeSxjaHVhLG1pY3JvcGhvbmUiXSxbMTIsIntcImN0eFwiOlwid2ViZ2xcIixcInZcIjpcImdvb2dsZSBpbmMuIChudmlkaWEpXCIsXCJyXCI6XCJhbmdsZSAobnZpZGlhLCBudmlkaWEgZ2Vmb3JjZSBydHggMzA2MCB0aSBkaXJlY3QzZDExIHZzXzVfMCBwc181XzAsIGQzZDExLTEwLjAuMTkwNDEuNTQ2KVwiLFwic2x2XCI6XCJ3ZWJnbCBnbHNsIGVzIDEuMCAob3BlbmdsIGVzIGdsc2wgZXMgMS4wIGNocm9taXVtKVwiLFwiZ3ZlclwiOlwid2ViZ2wgMS4wIChvcGVuZ2wgZXMgMi4wIGNocm9taXVtKVwiLFwiZ3ZlblwiOlwid2Via2l0XCIsXCJiZW5cIjoyMSxcIndnbFwiOjEsXCJncmVuXCI6XCJ3ZWJraXQgd2ViZ2xcIixcInNlZlwiOjI4Mzg2MzE3MTYsXCJzZWNcIjpcIlwifSJdLFstNCwiLSJdLFstMjksIi0iXSxbLTMzLCItIl0sWy01MywiMTAwIl0sWy01NywiV0UwWmVFdExXRUFYVDF3WkVWRk5UVWxLQXhZV1hFeFdXeGRLWEZoS1VrQmRUMTBYV2xaVUZrcEJTUlpRRmdzTERWOEJEQW9KQzFoWUMxc1BYRm9LQ1ZoWVdnQllBUXhkV0F0YVcxOEFGMU5LQXdnRER3QUxDQThRRlZoTkdVc1pFVkZOVFVsS0F4WVdYRXhXV3hkS1hGaEtVa0JkVDEwWFdsWlVGa3BCU1JaUUZnc0xEVjhCREFvSkMxaFlDMXNQWEZvS0NWaFlXZ0JZQVF4ZFdBdGFXMThBRjFOS0F3Z0REZ29CQUE0USJdLFstNjQsIi0iXSxbLTY4LCItIl0sWyJibmNoIiwzMjZdLFstMiwiMjIzLGVjWFZXMS90cnRuSHR1bVQ2VFRIb2pwRkFsQkFLRUpnYURSanFDTkduU0JWVEV3bnZHSnlnUGxhZW9ZS0dJOUFDaUZBR0pFRHFFVUFMSmhQUmtVaWJUeXkzbm5GMy92M1h1M0ciXSxbLTQxLCItIl0sWyJkZGIiLCIxLDIyMywxLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwxLDEsMCwxLDAsMCwwLDYsMSwyMjEsMCwxLDAsMTIsMCwwLDAsMCwwLDAsMSwwLDgsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMSJdLFsiY2IiLCIwLDAsMCwwLDAsMCwwLDAsMCwyLDAsMCwyNSwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMiwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMSwwLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDAsMSwwLDAsMSwwLDAsMSwwLDcsMCwwLDAsMCwwLDAsMCwwLDAsMCwwIl1d&dep=0&pre=0&sdd=&cri=Xx6jkHemlx&pto=4256&ver=63&gac=-&mei=&ap=&fe=1&duid=1.1739139110.6CLt09GzhuPBTdvZ&suid=1.1739139110.13TcAynVGJ3o74N7&tuid=1.1739139110.TL3sGezNRWNyz5dO&fbc=-&gtm=-&it=7%2C1013%2C2668&fbcl=-&gacl=-&gacsd=-&rtic=-&bgc=-&spa=1&urid=0&ab=&sck=-&io=aGA2Og%3D%3D HTTP/2.0
host: obseu.seaskydvd.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: http://ww12.ardamax.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: text/javascript
date: Sun, 09 Feb 2025 22:11:52 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
set-cookie: cg_uuid=9e58c09e34415ff3377d8ba03ae94d9a; Max-Age=29030400; Path=/; Expires=Sun, 11 Jan 2026 22:11:52 GMT; HttpOnly; Secure; SameSite=None
timing-allow-origin: http://ww12.ardamax.com
content-length: 1212
GET

https://obseu.seaskydvd.com/tracker/tc_imp.gif?e=37dfbd8ee84e001269e7c636e3468b9f9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d56118a6d2217071a10acf9f29f6740d78681542c364efd7c7305826d8961c40337512bc103005c645156c2ea621e77be26bb25cb43e2913af24c6eac0f337c12c452e841ec8bc59a7ee46a56a82b9eec47679c796e092818c5871d61eb72bffeb1ba131be20ecca7478c31db6bda508e1547f77303fd1f564c2acf503ed79ffca8328828bf7d8557ec4b7274a7d43169230121e118f58109ac5d6ead83c6771e217dcf965d78c9df014b354d73190bb98a29617819a5f94869effaa37fd2b944771e2bb5a5a384ed23e9c2d758f55682513e60d3ee9da7ea26d289a3799d210ed8fccf2f1145f16666fec1166cbaddf37c8a01fd46bad01d934bc29d2bc16b278a8b798d779ad1eff28ce7ff0b6fb473a4b1e8711570fcd97c8ff305b247585095090bd8819984c0f18a7dc12dcb90b88d7de96c362388732785829240299ce265a40fba845c9d71f02d150f43da3db9528794fc2ee3d1639347b1cf929b6189191c3eb31e04547d5873cbec3be70b94cdc77ce5bb45bdde6cdac2b1ad33cfa7e41f3e28c6a94e43dfb0194a05e4acba74b62688b904fdea3cc328e345c00f8d04cab868984776bdf0827b2f63315d7e520240eab0db39c01ea51b1f0570afe50b86c7461ef4aa81a8a07e95bc97a0dfadf1b5321b2ef1559ba4457cd51116478e36033515a269a56404d0f7d321d672dd4e8ab731ccba0585660c29271e61109ac489c72e2f10c34c579fc1d8a5b1cd500c9fb3b47c97cf6d7dabae563c608edb811341c543d119f508ff2dd857829c01f2a833fc9a8fd1914661e6e13a639c77a5e9e3da5fc20a436c06cb6f472eb6b1439da85193cd89c246cc9986340d3e46bd34aa04aa4bd6fd6ad545166b3f581a01a8108bd54c47a57d82e7a327d3a420906631eb486e269ff4c35e0baa2089d1438b43685f14de6e7bdbf0897ac1552288d146e3cdd7fe9c509a0004301ff26b3712c1c54e4eb021e6fcc9319d93b14c4f76a36a200802c60b42b9dabd49039a626dc1c8c4129c96a8c54423b838a71535159f0c3175d4d004418cd6ffc4bbe446f330a772c774829d08c2edf82d3ff3941981e7fec098ac85966d1cdbf42f03ca63d15fd0&cri=Xx6jkHemlx&ts=431&cb=1739139111223

msedge.exe

Remote address:

3.248.162.96:443

Request

GET /tracker/tc_imp.gif?e=37dfbd8ee84e001269e7c636e3468b9f9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d56118a6d2217071a10acf9f29f6740d78681542c364efd7c7305826d8961c40337512bc103005c645156c2ea621e77be26bb25cb43e2913af24c6eac0f337c12c452e841ec8bc59a7ee46a56a82b9eec47679c796e092818c5871d61eb72bffeb1ba131be20ecca7478c31db6bda508e1547f77303fd1f564c2acf503ed79ffca8328828bf7d8557ec4b7274a7d43169230121e118f58109ac5d6ead83c6771e217dcf965d78c9df014b354d73190bb98a29617819a5f94869effaa37fd2b944771e2bb5a5a384ed23e9c2d758f55682513e60d3ee9da7ea26d289a3799d210ed8fccf2f1145f16666fec1166cbaddf37c8a01fd46bad01d934bc29d2bc16b278a8b798d779ad1eff28ce7ff0b6fb473a4b1e8711570fcd97c8ff305b247585095090bd8819984c0f18a7dc12dcb90b88d7de96c362388732785829240299ce265a40fba845c9d71f02d150f43da3db9528794fc2ee3d1639347b1cf929b6189191c3eb31e04547d5873cbec3be70b94cdc77ce5bb45bdde6cdac2b1ad33cfa7e41f3e28c6a94e43dfb0194a05e4acba74b62688b904fdea3cc328e345c00f8d04cab868984776bdf0827b2f63315d7e520240eab0db39c01ea51b1f0570afe50b86c7461ef4aa81a8a07e95bc97a0dfadf1b5321b2ef1559ba4457cd51116478e36033515a269a56404d0f7d321d672dd4e8ab731ccba0585660c29271e61109ac489c72e2f10c34c579fc1d8a5b1cd500c9fb3b47c97cf6d7dabae563c608edb811341c543d119f508ff2dd857829c01f2a833fc9a8fd1914661e6e13a639c77a5e9e3da5fc20a436c06cb6f472eb6b1439da85193cd89c246cc9986340d3e46bd34aa04aa4bd6fd6ad545166b3f581a01a8108bd54c47a57d82e7a327d3a420906631eb486e269ff4c35e0baa2089d1438b43685f14de6e7bdbf0897ac1552288d146e3cdd7fe9c509a0004301ff26b3712c1c54e4eb021e6fcc9319d93b14c4f76a36a200802c60b42b9dabd49039a626dc1c8c4129c96a8c54423b838a71535159f0c3175d4d004418cd6ffc4bbe446f330a772c774829d08c2edf82d3ff3941981e7fec098ac85966d1cdbf42f03ca63d15fd0&cri=Xx6jkHemlx&ts=431&cb=1739139111223 HTTP/2.0
host: obseu.seaskydvd.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: http://ww12.ardamax.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: cg_uuid=9e58c09e34415ff3377d8ba03ae94d9a

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
date: Sun, 09 Feb 2025 22:12:01 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
content-length: 43
POST

https://obseu.seaskydvd.com/mon

msedge.exe

Remote address:

3.248.162.96:443

Request

POST /mon HTTP/2.0
host: obseu.seaskydvd.com
content-length: 4544
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/x-www-form-urlencoded
accept: */*
origin: http://ww12.ardamax.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: http://ww12.ardamax.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: cg_uuid=9e58c09e34415ff3377d8ba03ae94d9a

Response

HTTP/2.0 200

access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: http://ww12.ardamax.com
content-type: application/json
date: Sun, 09 Feb 2025 22:12:01 GMT
content-length: 0
POST

https://obseu.seaskydvd.com/mon

msedge.exe

Remote address:

3.248.162.96:443

Request

POST /mon HTTP/2.0
host: obseu.seaskydvd.com
content-length: 1770
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/x-www-form-urlencoded
accept: */*
origin: http://ww12.ardamax.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: http://ww12.ardamax.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: cg_uuid=9e58c09e34415ff3377d8ba03ae94d9a

Response

HTTP/2.0 200

access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: http://ww12.ardamax.com
content-type: application/json
date: Sun, 09 Feb 2025 22:12:01 GMT
content-length: 0
POST

https://obseu.seaskydvd.com/mon

msedge.exe

Remote address:

3.248.162.96:443

Request

POST /mon HTTP/2.0
host: obseu.seaskydvd.com
content-length: 1770
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/x-www-form-urlencoded
accept: */*
origin: http://ww12.ardamax.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: http://ww12.ardamax.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: cg_uuid=9e58c09e34415ff3377d8ba03ae94d9a

Response

HTTP/2.0 200

access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: http://ww12.ardamax.com
content-type: application/json
date: Sun, 09 Feb 2025 22:12:01 GMT
content-length: 0
POST

https://obseu.seaskydvd.com/mon

msedge.exe

Remote address:

3.248.162.96:443

Request

POST /mon HTTP/2.0
host: obseu.seaskydvd.com
content-length: 1773
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/x-www-form-urlencoded
accept: */*
origin: http://ww12.ardamax.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: http://ww12.ardamax.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: cg_uuid=9e58c09e34415ff3377d8ba03ae94d9a

Response

HTTP/2.0 200

access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: http://ww12.ardamax.com
content-type: application/json
date: Sun, 09 Feb 2025 22:12:02 GMT
content-length: 0
POST

https://obseu.seaskydvd.com/mon

msedge.exe

Remote address:

3.248.162.96:443

Request

POST /mon HTTP/2.0
host: obseu.seaskydvd.com
content-length: 1773
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/x-www-form-urlencoded
accept: */*
origin: http://ww12.ardamax.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: http://ww12.ardamax.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: cg_uuid=9e58c09e34415ff3377d8ba03ae94d9a

Response

HTTP/2.0 200

access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: http://ww12.ardamax.com
content-type: application/json
date: Sun, 09 Feb 2025 22:12:07 GMT
content-length: 0
POST

https://obseu.seaskydvd.com/mon

msedge.exe

Remote address:

3.248.162.96:443

Request

POST /mon HTTP/2.0
host: obseu.seaskydvd.com
content-length: 1773
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/x-www-form-urlencoded
accept: */*
origin: http://ww12.ardamax.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: http://ww12.ardamax.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: cg_uuid=9e58c09e34415ff3377d8ba03ae94d9a

Response

HTTP/2.0 200

access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: http://ww12.ardamax.com
content-type: application/json
date: Sun, 09 Feb 2025 22:12:22 GMT
content-length: 0
POST

https://obseu.seaskydvd.com/mon

msedge.exe

Remote address:

3.248.162.96:443

Request

POST /mon HTTP/2.0
host: obseu.seaskydvd.com
content-length: 1773
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/x-www-form-urlencoded
accept: */*
origin: http://ww12.ardamax.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: http://ww12.ardamax.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: cg_uuid=9e58c09e34415ff3377d8ba03ae94d9a

Response

HTTP/2.0 200

access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: http://ww12.ardamax.com
content-type: application/json
date: Sun, 09 Feb 2025 22:12:52 GMT
content-length: 0
DNS

syndicatedsearch.goog

msedge.exe

Remote address:

8.8.8.8:53

Request

syndicatedsearch.goog

IN A

Response

syndicatedsearch.goog

IN A

142.250.187.206
GET

https://syndicatedsearch.goog/afs/ads?adtest=off&psid=7840396037&pcsa=false&channel=000001%2Cbucket003&client=dp-teaminternet04_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww12.ardamax.com%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMDN8fHx8fHw2N2E5MjgyNDQ2MTJkfHx8MTczOTEzOTEwOC4zMDY2fDRkNWFmZDA0YzE5YmYyNzljYTU4YjEyMTU5ZWMyOGZlOGJhNGJkZjR8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fFpIQXRkR1ZoYldsdWRHVnlibVYwTURSZk0zQm98ZDgyZjM2MWZiZjFhMmNkYjk1Y2Y3NmRjNjczMTAzZDYzZWVlNTdiZHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fDQ5MDMyMzc3M2Q4YjgwNTYzMzhjY2FkZWJhNGM0OWRlNzk0MjgyZGV8MHxkcC10ZWFtaW50ZXJuZXQwNF8zcGh8MHwwfHx8fHw%253D&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2758074928654248&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301437%2C17301439%2C17301442%2C17301550%2C17301266%2C72717107&format=r3%7Cs&nocache=4501739139111335&num=0&output=afd_ads&domain_name=ww12.ardamax.com&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1739139111335&u_w=1280&u_h=720&biw=1263&bih=609&psw=1263&psh=754&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=723063605&rurl=http%3A%2F%2Fww12.ardamax.com%2Fkeylogger%2Funinstall.html%3Fusid%3D25%26utid%3D9103949694

msedge.exe

Remote address:

142.250.187.206:443

Request

GET /afs/ads?adtest=off&psid=7840396037&pcsa=false&channel=000001%2Cbucket003&client=dp-teaminternet04_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww12.ardamax.com%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMDN8fHx8fHw2N2E5MjgyNDQ2MTJkfHx8MTczOTEzOTEwOC4zMDY2fDRkNWFmZDA0YzE5YmYyNzljYTU4YjEyMTU5ZWMyOGZlOGJhNGJkZjR8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fFpIQXRkR1ZoYldsdWRHVnlibVYwTURSZk0zQm98ZDgyZjM2MWZiZjFhMmNkYjk1Y2Y3NmRjNjczMTAzZDYzZWVlNTdiZHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fDQ5MDMyMzc3M2Q4YjgwNTYzMzhjY2FkZWJhNGM0OWRlNzk0MjgyZGV8MHxkcC10ZWFtaW50ZXJuZXQwNF8zcGh8MHwwfHx8fHw%253D&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2758074928654248&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301437%2C17301439%2C17301442%2C17301550%2C17301266%2C72717107&format=r3%7Cs&nocache=4501739139111335&num=0&output=afd_ads&domain_name=ww12.ardamax.com&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1739139111335&u_w=1280&u_h=720&biw=1263&bih=609&psw=1263&psh=754&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=723063605&rurl=http%3A%2F%2Fww12.ardamax.com%2Fkeylogger%2Funinstall.html%3Fusid%3D25%26utid%3D9103949694 HTTP/2.0
host: syndicatedsearch.goog
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://ww12.ardamax.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://syndicatedsearch.goog/adsense/domains/caf.js

msedge.exe

Remote address:

142.250.187.206:443

Request

GET /adsense/domains/caf.js HTTP/2.0
host: syndicatedsearch.goog
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://syndicatedsearch.goog/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

partner.googleadservices.com

msedge.exe

Remote address:

8.8.8.8:53

Request

partner.googleadservices.com

IN A
DNS

partner.googleadservices.com

msedge.exe

Remote address:

8.8.8.8:53

Request

partner.googleadservices.com

IN A
DNS

partner.googleadservices.com

msedge.exe

Remote address:

8.8.8.8:53

Request

partner.googleadservices.com

IN A
DNS

partner.googleadservices.com

msedge.exe

Remote address:

8.8.8.8:53

Request

partner.googleadservices.com

IN A
DNS

partner.googleadservices.com

msedge.exe

Remote address:

8.8.8.8:53

Request

partner.googleadservices.com

IN A
DNS

afs.googleusercontent.com

msedge.exe

Remote address:

8.8.8.8:53

Request

afs.googleusercontent.com

IN A

Response

afs.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

172.217.169.65
GET

https://afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff

msedge.exe

Remote address:

172.217.169.65:443

Request

GET /ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff HTTP/2.0
host: afs.googleusercontent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://syndicatedsearch.goog/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff

msedge.exe

Remote address:

172.217.169.65:443

Request

GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/2.0
host: afs.googleusercontent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://syndicatedsearch.goog/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

msedge.api.cdp.microsoft.com

Remote address:

8.8.8.8:53

Request

msedge.api.cdp.microsoft.com

IN A

Response

msedge.api.cdp.microsoft.com

IN CNAME

api.cdp.microsoft.com

api.cdp.microsoft.com

IN CNAME

glb.api.prod.dcat.dsp.trafficmanager.net

glb.api.prod.dcat.dsp.trafficmanager.net

IN A

4.245.161.190
POST

https://msedge.api.cdp.microsoft.com/api/v2/contents/Browser/namespaces/Default/names?action=batchupdates

Remote address:

4.245.161.190:443

Request

POST /api/v2/contents/Browser/namespaces/Default/names?action=batchupdates HTTP/2.0
host: msedge.api.cdp.microsoft.com
cache-control: no-cache
pragma: no-cache
content-type: application/json
user-agent: Microsoft Edge Update/1.3.195.43;winhttp
x-old-uid: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
ms-correlationid: {3127A639-C021-46F4-BB88-0C4D9A528994}
ms-requestid: {A82B5483-C966-4501-AC9E-AC705B05506F}
ms-cv: OaYnMSHA9Ea7iAxNmlKJlA.0
x-last-hr: 0x0
x-last-http-status-code: 0
x-retry-count: 0
x-http-attempts: 1
content-length: 2540

Response

HTTP/2.0 200

content-type: text/plain; charset=utf-8
content-type: application/json; charset=utf-8
date: Sun, 09 Feb 2025 22:12:01 GMT
content-length: 298
ms-correlationid: 3127a639-c021-46f4-bb88-0c4d9a528994
ms-requestid: a82b5483-c966-4501-ac9e-ac705b05506f
ms-cv: {3127A639-C021-46F4-BB88-0C4D9A528994}.0
POST

https://msedge.api.cdp.microsoft.com/api/v1.1/internal/contents/Browser/namespaces/Default/names/msedge-stable-win-x64/versions/132.0.2957.140/files?action=GenerateDownloadInfo&foregroundPriority=false

Remote address:

4.245.161.190:443

Request

POST /api/v1.1/internal/contents/Browser/namespaces/Default/names/msedge-stable-win-x64/versions/132.0.2957.140/files?action=GenerateDownloadInfo&foregroundPriority=false HTTP/2.0
host: msedge.api.cdp.microsoft.com
cache-control: no-cache
pragma: no-cache
content-type: application/json
user-agent: Microsoft Edge Update/1.3.195.43;winhttp
x-old-uid: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
ms-correlationid: {3127A639-C021-46F4-BB88-0C4D9A528994}
ms-requestid: {B081687B-1506-45CE-BE73-E796E4B7E5A6}
ms-cv: OaYnMSHA9Ea7iAxNmlKJlA.1
x-last-hr: 0x0
x-last-http-status-code: 0
x-retry-count: 0
x-http-attempts: 1
content-length: 2

Response

HTTP/2.0 200

content-type: text/plain; charset=utf-8
content-type: application/json; charset=utf-8
date: Sun, 09 Feb 2025 22:12:01 GMT
content-length: 5357
ms-correlationid: 3127a639-c021-46f4-bb88-0c4d9a528994
ms-requestid: b081687b-1506-45ce-be73-e796e4b7e5a6
ms-cv: {3127A639-C021-46F4-BB88-0C4D9A528994}.0
DNS

www.godaddy.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.godaddy.com

IN A

Response

www.godaddy.com

IN CNAME

wildcard-ipv6.godaddy.com.edgekey.net

wildcard-ipv6.godaddy.com.edgekey.net

IN CNAME

e6001.dscx.akamaiedge.net

e6001.dscx.akamaiedge.net

IN A

184.26.44.14
DNS

msedge.b.tlu.dl.delivery.mp.microsoft.com

Remote address:

8.8.8.8:53

Request

msedge.b.tlu.dl.delivery.mp.microsoft.com

IN A

Response

msedge.b.tlu.dl.delivery.mp.microsoft.com

IN CNAME

star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

IN CNAME

cdp-f-tlu-net.trafficmanager.net

cdp-f-tlu-net.trafficmanager.net

IN CNAME

edge.ds-c7114-microsoft.global.dns.qwilted-cds.cqloud.com

edge.ds-c7114-microsoft.global.dns.qwilted-cds.cqloud.com

IN A

91.81.129.180

edge.ds-c7114-microsoft.global.dns.qwilted-cds.cqloud.com

IN A

91.80.49.21

edge.ds-c7114-microsoft.global.dns.qwilted-cds.cqloud.com

IN A

91.81.130.133

edge.ds-c7114-microsoft.global.dns.qwilted-cds.cqloud.com

IN A

91.81.130.134

edge.ds-c7114-microsoft.global.dns.qwilted-cds.cqloud.com

IN A

91.81.129.181
DNS

msedge.b.tlu.dl.delivery.mp.microsoft.com

Remote address:

8.8.8.8:53

Request

msedge.b.tlu.dl.delivery.mp.microsoft.com

IN A
HEAD

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

HEAD /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 200 OK

Date: Sun, 09 Feb 2025 22:12:08 GMT
Content-Type: application/octet-stream
Content-Length: 177180216
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 10000005709ead70-2757982449-1
Ocn-Served-By: QLT
Accept-Ranges: bytes
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=0-1119
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:12:08 GMT
Content-Type: application/octet-stream
Content-Length: 1120
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 10000005709eb141-2757982449-2
Ocn-Served-By: QLT
Content-Range: bytes 0-1119/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=1120-1147
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:12:14 GMT
Content-Type: application/octet-stream
Content-Length: 28
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 10000005709ef30a-2757982449-3
Ocn-Served-By: QLT
Content-Range: bytes 1120-1147/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=1148-2170
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:12:16 GMT
Content-Type: application/octet-stream
Content-Length: 1023
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 10000005709f0071-2757982449-4
Ocn-Served-By: QLT
Content-Range: bytes 1148-2170/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=2171-6784
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:12:17 GMT
Content-Type: application/octet-stream
Content-Length: 4614
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 10000005709f0e99-2757982449-5
Ocn-Served-By: QLT
Content-Range: bytes 2171-6784/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=6785-10913
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:12:18 GMT
Content-Type: application/octet-stream
Content-Length: 4129
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 10000005709f177c-2757982449-6
Ocn-Served-By: QLT
Content-Range: bytes 6785-10913/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=10914-29689
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:12:20 GMT
Content-Type: application/octet-stream
Content-Length: 18776
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 10000005709f2e50-2757982449-7
Ocn-Served-By: QLT
Content-Range: bytes 10914-29689/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=29690-83463
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:12:21 GMT
Content-Type: application/octet-stream
Content-Length: 53774
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 10000005709f3a82-2757982449-8
Ocn-Served-By: QLT
Content-Range: bytes 29690-83463/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=83464-181223
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:12:23 GMT
Content-Type: application/octet-stream
Content-Length: 97760
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 10000005709f5411-2757982449-9
Ocn-Served-By: QLT
Content-Range: bytes 83464-181223/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=181224-234944
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:12:24 GMT
Content-Type: application/octet-stream
Content-Length: 53721
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 10000005709f5a47-2757982449-10
Ocn-Served-By: QLT
Content-Range: bytes 181224-234944/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=234945-517034
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:12:25 GMT
Content-Type: application/octet-stream
Content-Length: 282090
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 10000005709f6bde-2757982449-11
Ocn-Served-By: QLT
Content-Range: bytes 234945-517034/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=517035-874624
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:12:26 GMT
Content-Type: application/octet-stream
Content-Length: 357590
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 10000005709f70ce-2757982449-12
Ocn-Served-By: QLT
Content-Range: bytes 517035-874624/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=874625-1716942
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:12:27 GMT
Content-Type: application/octet-stream
Content-Length: 842318
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 10000005709f7c74-2757982449-13
Ocn-Served-By: QLT
Content-Range: bytes 874625-1716942/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=1716943-2524864
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:12:28 GMT
Content-Type: application/octet-stream
Content-Length: 807922
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 10000005709f86dc-2757982449-14
Ocn-Served-By: QLT
Content-Range: bytes 1716943-2524864/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=2524865-4231034
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:12:30 GMT
Content-Type: application/octet-stream
Content-Length: 1706170
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 10000005709f99de-2757982449-15
Ocn-Served-By: QLT
Content-Range: bytes 2524865-4231034/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=4231035-5037421
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:12:35 GMT
Content-Type: application/octet-stream
Content-Length: 806387
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 10000005709fcff9-2757982449-16
Ocn-Served-By: QLT
Content-Range: bytes 4231035-5037421/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=5037422-5596895
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:12:44 GMT
Content-Type: application/octet-stream
Content-Length: 559474
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a02ef8-2757982449-17
Ocn-Served-By: QLT
Content-Range: bytes 5037422-5596895/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=5596896-6623018
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:12:45 GMT
Content-Type: application/octet-stream
Content-Length: 1026123
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a03fb7-2757982449-18
Ocn-Served-By: QLT
Content-Range: bytes 5596896-6623018/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=6623019-8149808
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:12:49 GMT
Content-Type: application/octet-stream
Content-Length: 1526790
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a06b6a-2757982449-19
Ocn-Served-By: QLT
Content-Range: bytes 6623019-8149808/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=8149809-9346494
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:12:51 GMT
Content-Type: application/octet-stream
Content-Length: 1196686
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a07ac8-2757982449-20
Ocn-Served-By: QLT
Content-Range: bytes 8149809-9346494/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=9346495-10389534
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:12:52 GMT
Content-Type: application/octet-stream
Content-Length: 1043040
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a088bc-2757982449-21
Ocn-Served-By: QLT
Content-Range: bytes 9346495-10389534/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=10389535-11921636
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:12:53 GMT
Content-Type: application/octet-stream
Content-Length: 1532102
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a090e6-2757982449-22
Ocn-Served-By: QLT
Content-Range: bytes 10389535-11921636/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=11921637-13040801
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:12:56 GMT
Content-Type: application/octet-stream
Content-Length: 1119165
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a0b15f-2757982449-23
Ocn-Served-By: QLT
Content-Range: bytes 11921637-13040801/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=13040802-14077160
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:12:57 GMT
Content-Type: application/octet-stream
Content-Length: 1036359
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a0bcfa-2757982449-24
Ocn-Served-By: QLT
Content-Range: bytes 13040802-14077160/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=14077161-15274934
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:12:58 GMT
Content-Type: application/octet-stream
Content-Length: 1197774
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a0c818-2757982449-25
Ocn-Served-By: QLT
Content-Range: bytes 14077161-15274934/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=15274935-16501492
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:12:59 GMT
Content-Type: application/octet-stream
Content-Length: 1226558
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a0d71a-2757982449-26
Ocn-Served-By: QLT
Content-Range: bytes 15274935-16501492/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=16501493-17526871
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:13:01 GMT
Content-Type: application/octet-stream
Content-Length: 1025379
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a0ed03-2757982449-27
Ocn-Served-By: QLT
Content-Range: bytes 16501493-17526871/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=17526872-18712607
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:13:02 GMT
Content-Type: application/octet-stream
Content-Length: 1185736
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a0f437-2757982449-28
Ocn-Served-By: QLT
Content-Range: bytes 17526872-18712607/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=18712608-20251083
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:13:03 GMT
Content-Type: application/octet-stream
Content-Length: 1538476
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a0ffd1-2757982449-29
Ocn-Served-By: QLT
Content-Range: bytes 18712608-20251083/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=20251084-21432831
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:13:06 GMT
Content-Type: application/octet-stream
Content-Length: 1181748
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a11fad-2757982449-30
Ocn-Served-By: QLT
Content-Range: bytes 20251084-21432831/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=21432832-23112814
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:13:07 GMT
Content-Type: application/octet-stream
Content-Length: 1679983
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a12b74-2757982449-31
Ocn-Served-By: QLT
Content-Range: bytes 21432832-23112814/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=23112815-23964054
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:13:11 GMT
Content-Type: application/octet-stream
Content-Length: 851240
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a15a1e-2757982449-32
Ocn-Served-By: QLT
Content-Range: bytes 23112815-23964054/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=23964055-25206816
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:13:12 GMT
Content-Type: application/octet-stream
Content-Length: 1242762
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a1654f-2757982449-33
Ocn-Served-By: QLT
Content-Range: bytes 23964055-25206816/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=25206817-26394677
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:13:13 GMT
Content-Type: application/octet-stream
Content-Length: 1187861
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a170e5-2757982449-34
Ocn-Served-By: QLT
Content-Range: bytes 25206817-26394677/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=26394678-27512743
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:13:14 GMT
Content-Type: application/octet-stream
Content-Length: 1118066
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a180ce-2757982449-35
Ocn-Served-By: QLT
Content-Range: bytes 26394678-27512743/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=27512744-28199629
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:13:16 GMT
Content-Type: application/octet-stream
Content-Length: 686886
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a18d22-2757982449-36
Ocn-Served-By: QLT
Content-Range: bytes 27512744-28199629/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=28199630-29390024
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:13:17 GMT
Content-Type: application/octet-stream
Content-Length: 1190395
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a19781-2757982449-37
Ocn-Served-By: QLT
Content-Range: bytes 28199630-29390024/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=29390025-31082839
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:13:18 GMT
Content-Type: application/octet-stream
Content-Length: 1692815
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a1a331-2757982449-38
Ocn-Served-By: QLT
Content-Range: bytes 29390025-31082839/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=31082840-32078697
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:13:19 GMT
Content-Type: application/octet-stream
Content-Length: 995858
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a1b313-2757982449-39
Ocn-Served-By: QLT
Content-Range: bytes 31082840-32078697/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=32078698-33582268
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:13:20 GMT
Content-Type: application/octet-stream
Content-Length: 1503571
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a1be34-2757982449-40
Ocn-Served-By: QLT
Content-Range: bytes 32078698-33582268/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=33582269-34775045
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:13:22 GMT
Content-Type: application/octet-stream
Content-Length: 1192777
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a1d09d-2757982449-41
Ocn-Served-By: QLT
Content-Range: bytes 33582269-34775045/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=34775046-36493662
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:13:23 GMT
Content-Type: application/octet-stream
Content-Length: 1718617
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a1dc77-2757982449-42
Ocn-Served-By: QLT
Content-Range: bytes 34775046-36493662/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=36493663-37498328
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:13:24 GMT
Content-Type: application/octet-stream
Content-Length: 1004666
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a1e9c9-2757982449-43
Ocn-Served-By: QLT
Content-Range: bytes 36493663-37498328/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=37498329-38984780
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:13:25 GMT
Content-Type: application/octet-stream
Content-Length: 1486452
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a1f554-2757982449-44
Ocn-Served-By: QLT
Content-Range: bytes 37498329-38984780/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=38984781-40291980
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:13:26 GMT
Content-Type: application/octet-stream
Content-Length: 1307200
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a205d6-2757982449-45
Ocn-Served-By: QLT
Content-Range: bytes 38984781-40291980/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=40291981-41002577
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:13:28 GMT
Content-Type: application/octet-stream
Content-Length: 710597
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a21aec-2757982449-46
Ocn-Served-By: QLT
Content-Range: bytes 40291981-41002577/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=41002578-41568239
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:13:30 GMT
Content-Type: application/octet-stream
Content-Length: 565662
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a2321d-2757982449-47
Ocn-Served-By: QLT
Content-Range: bytes 41002578-41568239/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=41568240-41988519
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:13:34 GMT
Content-Type: application/octet-stream
Content-Length: 420280
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a25b8b-2757982449-48
Ocn-Served-By: QLT
Content-Range: bytes 41568240-41988519/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=41988520-42310005
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:13:36 GMT
Content-Type: application/octet-stream
Content-Length: 321486
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a27307-2757982449-49
Ocn-Served-By: QLT
Content-Range: bytes 41988520-42310005/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=42310006-42771058
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:13:37 GMT
Content-Type: application/octet-stream
Content-Length: 461053
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a27fa3-2757982449-50
Ocn-Served-By: QLT
Content-Range: bytes 42310006-42771058/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=42771059-43084929
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:13:38 GMT
Content-Type: application/octet-stream
Content-Length: 313871
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a28bee-2757982449-51
Ocn-Served-By: QLT
Content-Range: bytes 42771059-43084929/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=43084930-43375316
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:13:39 GMT
Content-Type: application/octet-stream
Content-Length: 290387
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a29772-2757982449-52
Ocn-Served-By: QLT
Content-Range: bytes 43084930-43375316/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=43375317-43827368
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:13:41 GMT
Content-Type: application/octet-stream
Content-Length: 452052
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a2a6d2-2757982449-53
Ocn-Served-By: QLT
Content-Range: bytes 43375317-43827368/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=43827369-44145895
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:13:42 GMT
Content-Type: application/octet-stream
Content-Length: 318527
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a2b1da-2757982449-54
Ocn-Served-By: QLT
Content-Range: bytes 43827369-44145895/177180216
Server: Qwilt
X-OC-Service-Type: lo
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

Remote address:

91.81.129.180:80

Request

GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
Range: bytes=44145896-44682511
User-Agent: Microsoft BITS/7.8
X-Old-UID: {AC238266-8B6E-4810-9FF7-D53805793662}; age=-1; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Date: Sun, 09 Feb 2025 22:13:43 GMT
Content-Type: application/octet-stream
Content-Length: 536616
Connection: keep-alive
Cache-Control: public, max-age=17280000
X-AspNetMvc-Version: 5.3
MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
MS-CV: y9dBBsu9vkmE74iU.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
X-CID: 9
X-CCC: it
Ocn-Cache-Status: HIT
Ocn-Requestid: 1000000570a2bd64-2757982449-55
Ocn-Served-By: QLT
Content-Range: bytes 44145896-44682511/177180216
Server: Qwilt
X-OC-Service-Type: lo

72.52.178.23:80

www.ardamax.com

msedge.exe

288 B
196 B
6
4
72.52.178.23:80

www.ardamax.com

msedge.exe

288 B
196 B
6
4
72.52.178.23:80

http://www.ardamax.com/keylogger/uninstall.html

http

msedge.exe

793 B
510 B
7
5

HTTP Request

GET http://www.ardamax.com/keylogger/uninstall.html

HTTP Response

302
76.223.26.96:80

http://ww12.ardamax.com/favicon.ico

http

msedge.exe

3.5kB
9.5kB
18
18

HTTP Request

GET http://ww12.ardamax.com/keylogger/uninstall.html?usid=25&utid=9103949694

HTTP Response

200

HTTP Request

GET http://ww12.ardamax.com/munin/a/tr/browserjs?domain=ardamax.com&toggle=browserjs&uid=MTczOTEzOTEwOC4yODcxOmUxYWI2ZjkxOGNhOTAyNjQ5YTExOTE3OWViOWE2OGYyY2U3YTU1NzQ2NTg3YTNlODE0Yjk0YjVlMmQ3MmUxMzU6NjdhOTI4MjQ0NjE0ZA%3D%3D

HTTP Response

200

HTTP Request

GET http://ww12.ardamax.com/munin/a/ls?t=67a92824&token=490323773d8b8056338ccadeba4c49de794282de

HTTP Response

201

HTTP Request

GET http://ww12.ardamax.com/munin/a/tr/answercheck/yes?domain=ardamax.com&caf=1&toggle=answercheck&answer=yes&uid=MTczOTEzOTEwOC4yODcxOmUxYWI2ZjkxOGNhOTAyNjQ5YTExOTE3OWViOWE2OGYyY2U3YTU1NzQ2NTg3YTNlODE0Yjk0YjVlMmQ3MmUxMzU6NjdhOTI4MjQ0NjE0ZA%3D%3D

HTTP Response

200

HTTP Request

GET http://ww12.ardamax.com/favicon.ico

HTTP Response

200
170.187.143.93:443

https://parking3.parklogic.com/page/enhance.js?pcId=12&domain=ardamax.com

tls, http2

msedge.exe

2.0kB
10.0kB
19
17

HTTP Request

GET https://parking3.parklogic.com/page/enhance.js?pcId=12&domain=ardamax.com

HTTP Response

200
143.204.68.99:443

https://euob.seaskydvd.com/sxp/i/224f85302aa2b6ec30aac9a85da2cbf9.js

tls, http2

msedge.exe

2.8kB
49.4kB
36
45

HTTP Request

GET https://euob.seaskydvd.com/sxp/i/224f85302aa2b6ec30aac9a85da2cbf9.js

HTTP Response

200
170.187.143.93:443

https://parking3.parklogic.com/page/scribe.php?pcId=12&domain=ardamax.com&pId=2447&usid=25&utid=9103949694&query=null&domainJs=ww12.ardamax.com&path=/keylogger/uninstall.html&ss=true&lp=1&tzB=UTC&wd=false&gpu=null

tls, http2

msedge.exe

4.6kB
9.7kB
23
19

HTTP Request

GET https://parking3.parklogic.com/page/scribe.php?pcId=12&domain=ardamax.com&pId=2447&usid=25&utid=9103949694&query=null&domainJs=ww12.ardamax.com&path=/keylogger/uninstall.html&ss=true&lp=1&tzB=UTC&wd=false&gpu=null

HTTP Response

200
99.86.249.190:80

d38psrni17bvxu.cloudfront.net

msedge.exe

536 B
264 B
11
6
216.58.204.68:80

www.google.com

msedge.exe

450 B
260 B
9
5
216.58.204.68:80

http://www.google.com/adsense/domains/caf.js?abp=1&adsdeli=true

http

msedge.exe

2.3kB
60.2kB
40
49

HTTP Request

GET http://www.google.com/adsense/domains/caf.js?abp=1&adsdeli=true

HTTP Response

200
99.86.249.190:80

http://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png

http

msedge.exe

1.2kB
13.8kB
15
14

HTTP Request

GET http://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png

HTTP Response

200
3.248.162.96:443

https://obseu.seaskydvd.com/mon

tls, http2

msedge.exe

33.8kB
8.3kB
57
45

HTTP Request

GET https://obseu.seaskydvd.com/ct?id=80705&url=http%3A%2F%2Fww12.ardamax.com%2Fkeylogger%2Funinstall.html%3Fusid%3D25%26utid%3D9103949694&sf=0&tpi=&ch=AdsDeli%20-%20domain%20-%20landingpage&uvid=490323773d8b8056338ccadeba4c49de794282de&tsf=0&tsfmi=&tsfu=&cb=1739139110792&hl=1&op=0&ag=2318139085&rand=73082850582060111252027085020019000080157011066188256092600902268851272696729151518767&fs=1280x609&fst=1280x609&np=win32&nv=google%20inc.&ref=&ss=1280x720&nc=0&at=&di=W1siZWYiLDc2MzRdLFsiYWJuY2giLDEzXSxbLTEyLCJcIjFcIiJdLFstMjMsIisiXSxbLTQzLCIwMDAwMDAwMTAxMDAwMDAxMDAwMTEwMTEwMTAwMTEwMTAwMDAwMTAiXSxbLTQ3LCJVVEMsZW4tVVMsbGF0bixncmVnb3J5Il0sWy02MCwxOTJdLFstNzEsImEwMDAwMTAxMTAwMTAwMTAwMDAwMTAxMDAwMDExMTAwMDAwMDEwIl0sWy0yOCwiZW4tVVMsZW4iXSxbLTM0LCItIl0sWy00MCwiMzMiXSxbLTQ5LCItIl0sWy01MSwiLSJdLFstNTksImRlbmllZCJdLFstNjIsIjgwIl0sWy0xLCItIl0sWy02MywiMCJdLFstNjUsIi0iXSxbLTcwLCItIl0sWy0xNywiOCJdLFstMzgsImksLTEsLTEsNzkxLDAsMiwwLDYxLDM0LDgzLC0xLDAsMTA0NCwzNTA1LDM3NDEsMzc0MiJdLFstNDYsIjAiXSxbLTUwLCItIl0sWy01MiwiLSJdLFstNTUsIjAiXSxbLTE1LCItIl0sWy0yNSwiLSJdLFstNDUsIjYyMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDY1MiwwLDAsMCw2NzIsMCw2NzMsMCwwLDAsMCwwLDAsMCwwLDAsNjc3LDAsNjc2LDAsNjE3Il0sWy01NCwie1wiaFwiOltcIjMyOTk3Mjg0NTJcIixcIjgyMjgyMzExOVwiLFwiXzNcIixcIjI4NzI4OTkzMjBcIl0sXCJkXCI6W10sXCJiXCI6W1wiXzBcIixcIjI2NDYwMzg4MlwiXSxcInNcIjoxfSJdLFstNjcsIi0iXSxbLTksIisiXSxbLTE0LCItIl0sWy0xNiwiMCJdLFstMTgsIlswLDAsMCwxXSJdLFstMzIsIjAiXSxbLTM1LCJbMTczOTEzOTExMDUxMiwwXSJdLFstMzcsIi0xMDktNTQtNTgtIl0sWy0zLCJbXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJtaGpmYm1kZ2NmamJicGFlb2pvZm9ob2VmZ2llaGphaVwiLFwiaW50ZXJuYWwtbmFjbC1wbHVnaW5cIl0iXSxbLTEwLCItIl0sWy0xMSwie1widFwiOlwiXCIsXCJtXCI6W119Il0sWy0xOSwiWzAsMCwwLDAsMCwwLDEsMjQsMjQsXCItXCIsMTI4MCw2ODAsMTI4MCw3MjAsMTI4MCw2ODAsMTI4MCw2MDksMCwwLDAsMCxcIi1cIixcIi1cIiwxMjYzLDYwOSxudWxsXSJdLFstMjAsIi0iXSxbLTU4LCItIl0sWy02OSwiV2luMzJ8R29vZ2xlIEluYy58fDh8LXwtIl0sWy01LCItIl0sWy02LCJ7XCJ3XCI6W1wiMFwiLFwidXNpZFwiLFwidXRpZFwiLFwicGF0aFwiLFwiZ2V0R1BVVmVuZG9yXCIsXCJ0Y2Jsb2NrXCIsXCJzZWFyY2hib3hCbG9ja1wiLFwiZ2V0WE1MaHR0cFwiLFwiYWpheFF1ZXJ5XCIsXCJhamF4QmFja2ZpbGxcIixcImxvYWRGZWVkXCIsXCJ4bWxIdHRwXCIsXCJsc1wiLFwiZ2V0TG9hZEZlZWRBcmd1bWVudHNcIixcIl9fY3RjZ19jdF84MDcwNV9leGVjXCJdLFwiblwiOltdLFwiZFwiOltdfSJdLFstMjIsIltcIm5cIixcIm5cIl0iXSxbLTI0LCJbXSJdLFstMjcsIlsxMDAsMS41NSwwLFwiNGdcIixudWxsXSJdLFstMzEsImZhbHNlIl0sWy0zNiwiW1wiMTYvOVwiLFwiMTYvOVwiXSJdLFstNDQsIjAsMCwwLDUiXSxbLTU2LCJsYW5kc2NhcGUtcHJpbWFyeSJdLFstNywiLSJdLFstOCwiLSJdLFstMTMsIi0iXSxbLTIxLCItIl0sWy0yNiwie1widGpoc1wiOjM3Mzk1MTIsXCJ1amhzXCI6MzQ2MjY5MixcImpoc2xcIjoyMTcyNjQ5NDcyfSJdLFstMzAsIltcInZcIiwwXSJdLFstMzksIltcIjIwMDMwMTA3XCIsNCxcIkdlY2tvXCIsXCJOZXRzY2FwZVwiLFwiTW96aWxsYVwiLG51bGwsbnVsbCxmYWxzZSxudWxsLGZhbHNlLG51bGwsMyxudWxsLGZhbHNlLG51bGwsMCxmYWxzZSxmYWxzZV0iXSxbLTQyLCIxNzI0Mjk3NjUzIl0sWy00OCwiMCwwIl0sWy02MSwiLSJdLFstNjYsImdlb2xvY2F0aW9uLG1pZGksY2hlY3QsdXNiLG1hZ25ldG9tZXRlcixwaWN0dXJlaW5waWN0dXJlLHB1YmxpY2tleWNyZWRlbnRpYWxzZ2V0LGFjY2VsZXJvbWV0ZXIsZG9jdW1lbnRkb21haW4sc2VyaWFsLGVuY3J5cHRlZG1lZGlhLGNoZG93bmxpbmssY2h1YWFyY2gsY2xpcGJvYXJkd3JpdGUsY2hwcmVmZXJzY29sb3JzY2hlbWUsc3luY3hocixjaHdpZHRoLGNodWFwbGF0Zm9ybXZlcnNpb24sY2h1YW1vZGVsLHhyc3BhdGlhbHRyYWNraW5nLGNobGFuZyxjbGlwYm9hcmRyZWFkLGNhbWVyYSxjaHZpZXdwb3J0d2lkdGgscGF5bWVudCxjaHJ0dCxjaHVhZnVsbHZlcnNpb24sZnVsbHNjcmVlbixhdXRvcGxheSxzdG9yYWdlYWNjZXNzYXBpLGNyb3Nzb3JpZ2luaXNvbGF0ZWQsY2hkcHIsaGlkLGNodWFwbGF0Zm9ybSxzY3JlZW53YWtlbG9jayxneXJvc2NvcGUsY2h1YW1vYmlsZSxjaGRldmljZW1lbW9yeSxjaHVhLG1pY3JvcGhvbmUiXSxbMTIsIntcImN0eFwiOlwid2ViZ2xcIixcInZcIjpcImdvb2dsZSBpbmMuIChudmlkaWEpXCIsXCJyXCI6XCJhbmdsZSAobnZpZGlhLCBudmlkaWEgZ2Vmb3JjZSBydHggMzA2MCB0aSBkaXJlY3QzZDExIHZzXzVfMCBwc181XzAsIGQzZDExLTEwLjAuMTkwNDEuNTQ2KVwiLFwic2x2XCI6XCJ3ZWJnbCBnbHNsIGVzIDEuMCAob3BlbmdsIGVzIGdsc2wgZXMgMS4wIGNocm9taXVtKVwiLFwiZ3ZlclwiOlwid2ViZ2wgMS4wIChvcGVuZ2wgZXMgMi4wIGNocm9taXVtKVwiLFwiZ3ZlblwiOlwid2Via2l0XCIsXCJiZW5cIjoyMSxcIndnbFwiOjEsXCJncmVuXCI6XCJ3ZWJraXQgd2ViZ2xcIixcInNlZlwiOjI4Mzg2MzE3MTYsXCJzZWNcIjpcIlwifSJdLFstNCwiLSJdLFstMjksIi0iXSxbLTMzLCItIl0sWy01MywiMTAwIl0sWy01NywiV0UwWmVFdExXRUFYVDF3WkVWRk5UVWxLQXhZV1hFeFdXeGRLWEZoS1VrQmRUMTBYV2xaVUZrcEJTUlpRRmdzTERWOEJEQW9KQzFoWUMxc1BYRm9LQ1ZoWVdnQllBUXhkV0F0YVcxOEFGMU5LQXdnRER3QUxDQThRRlZoTkdVc1pFVkZOVFVsS0F4WVdYRXhXV3hkS1hGaEtVa0JkVDEwWFdsWlVGa3BCU1JaUUZnc0xEVjhCREFvSkMxaFlDMXNQWEZvS0NWaFlXZ0JZQVF4ZFdBdGFXMThBRjFOS0F3Z0REZ29CQUE0USJdLFstNjQsIi0iXSxbLTY4LCItIl0sWyJibmNoIiwzMjZdLFstMiwiMjIzLGVjWFZXMS90cnRuSHR1bVQ2VFRIb2pwRkFsQkFLRUpnYURSanFDTkduU0JWVEV3bnZHSnlnUGxhZW9ZS0dJOUFDaUZBR0pFRHFFVUFMSmhQUmtVaWJUeXkzbm5GMy92M1h1M0ciXSxbLTQxLCItIl0sWyJkZGIiLCIxLDIyMywxLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwxLDEsMCwxLDAsMCwwLDYsMSwyMjEsMCwxLDAsMTIsMCwwLDAsMCwwLDAsMSwwLDgsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMSJdLFsiY2IiLCIwLDAsMCwwLDAsMCwwLDAsMCwyLDAsMCwyNSwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMiwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMSwwLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDAsMSwwLDAsMSwwLDAsMSwwLDcsMCwwLDAsMCwwLDAsMCwwLDAsMCwwIl1d&dep=0&pre=0&sdd=&cri=Xx6jkHemlx&pto=4256&ver=63&gac=-&mei=&ap=&fe=1&duid=1.1739139110.6CLt09GzhuPBTdvZ&suid=1.1739139110.13TcAynVGJ3o74N7&tuid=1.1739139110.TL3sGezNRWNyz5dO&fbc=-&gtm=-&it=7%2C1013%2C2668&fbcl=-&gacl=-&gacsd=-&rtic=-&bgc=-&spa=1&urid=0&ab=&sck=-&io=aGA2Og%3D%3D

HTTP Response

200

HTTP Request

GET https://obseu.seaskydvd.com/tracker/tc_imp.gif?e=37dfbd8ee84e001269e7c636e3468b9f9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d56118a6d2217071a10acf9f29f6740d78681542c364efd7c7305826d8961c40337512bc103005c645156c2ea621e77be26bb25cb43e2913af24c6eac0f337c12c452e841ec8bc59a7ee46a56a82b9eec47679c796e092818c5871d61eb72bffeb1ba131be20ecca7478c31db6bda508e1547f77303fd1f564c2acf503ed79ffca8328828bf7d8557ec4b7274a7d43169230121e118f58109ac5d6ead83c6771e217dcf965d78c9df014b354d73190bb98a29617819a5f94869effaa37fd2b944771e2bb5a5a384ed23e9c2d758f55682513e60d3ee9da7ea26d289a3799d210ed8fccf2f1145f16666fec1166cbaddf37c8a01fd46bad01d934bc29d2bc16b278a8b798d779ad1eff28ce7ff0b6fb473a4b1e8711570fcd97c8ff305b247585095090bd8819984c0f18a7dc12dcb90b88d7de96c362388732785829240299ce265a40fba845c9d71f02d150f43da3db9528794fc2ee3d1639347b1cf929b6189191c3eb31e04547d5873cbec3be70b94cdc77ce5bb45bdde6cdac2b1ad33cfa7e41f3e28c6a94e43dfb0194a05e4acba74b62688b904fdea3cc328e345c00f8d04cab868984776bdf0827b2f63315d7e520240eab0db39c01ea51b1f0570afe50b86c7461ef4aa81a8a07e95bc97a0dfadf1b5321b2ef1559ba4457cd51116478e36033515a269a56404d0f7d321d672dd4e8ab731ccba0585660c29271e61109ac489c72e2f10c34c579fc1d8a5b1cd500c9fb3b47c97cf6d7dabae563c608edb811341c543d119f508ff2dd857829c01f2a833fc9a8fd1914661e6e13a639c77a5e9e3da5fc20a436c06cb6f472eb6b1439da85193cd89c246cc9986340d3e46bd34aa04aa4bd6fd6ad545166b3f581a01a8108bd54c47a57d82e7a327d3a420906631eb486e269ff4c35e0baa2089d1438b43685f14de6e7bdbf0897ac1552288d146e3cdd7fe9c509a0004301ff26b3712c1c54e4eb021e6fcc9319d93b14c4f76a36a200802c60b42b9dabd49039a626dc1c8c4129c96a8c54423b838a71535159f0c3175d4d004418cd6ffc4bbe446f330a772c774829d08c2edf82d3ff3941981e7fec098ac85966d1cdbf42f03ca63d15fd0&cri=Xx6jkHemlx&ts=431&cb=1739139111223

HTTP Request

POST https://obseu.seaskydvd.com/mon

HTTP Response

200

HTTP Request

POST https://obseu.seaskydvd.com/mon

HTTP Request

POST https://obseu.seaskydvd.com/mon

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://obseu.seaskydvd.com/mon

HTTP Response

200

HTTP Request

POST https://obseu.seaskydvd.com/mon

HTTP Response

200

HTTP Request

POST https://obseu.seaskydvd.com/mon

HTTP Response

200

HTTP Request

POST https://obseu.seaskydvd.com/mon

HTTP Response

200
142.250.187.206:443

https://syndicatedsearch.goog/adsense/domains/caf.js

tls, http2

msedge.exe

4.6kB
68.3kB
43
64

HTTP Request

GET https://syndicatedsearch.goog/afs/ads?adtest=off&psid=7840396037&pcsa=false&channel=000001%2Cbucket003&client=dp-teaminternet04_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fww12.ardamax.com%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMDN8fHx8fHw2N2E5MjgyNDQ2MTJkfHx8MTczOTEzOTEwOC4zMDY2fDRkNWFmZDA0YzE5YmYyNzljYTU4YjEyMTU5ZWMyOGZlOGJhNGJkZjR8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fFpIQXRkR1ZoYldsdWRHVnlibVYwTURSZk0zQm98ZDgyZjM2MWZiZjFhMmNkYjk1Y2Y3NmRjNjczMTAzZDYzZWVlNTdiZHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fDQ5MDMyMzc3M2Q4YjgwNTYzMzhjY2FkZWJhNGM0OWRlNzk0MjgyZGV8MHxkcC10ZWFtaW50ZXJuZXQwNF8zcGh8MHwwfHx8fHw%253D&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2758074928654248&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301437%2C17301439%2C17301442%2C17301550%2C17301266%2C72717107&format=r3%7Cs&nocache=4501739139111335&num=0&output=afd_ads&domain_name=ww12.ardamax.com&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1739139111335&u_w=1280&u_h=720&biw=1263&bih=609&psw=1263&psh=754&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=723063605&rurl=http%3A%2F%2Fww12.ardamax.com%2Fkeylogger%2Funinstall.html%3Fusid%3D25%26utid%3D9103949694

HTTP Request

GET https://syndicatedsearch.goog/adsense/domains/caf.js
142.250.187.206:443

syndicatedsearch.goog

tls, http2

msedge.exe

2.9kB
1.7kB
11
7
172.217.169.65:443

afs.googleusercontent.com

tls

msedge.exe

2.5kB
248 B
10
5
172.217.169.65:443

afs.googleusercontent.com

tls, http2

msedge.exe

2.9kB
11.0kB
16
14
172.217.169.65:443

https://afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff

tls, http2

msedge.exe

5.0kB
12.7kB
30
22

HTTP Request

GET https://afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff

HTTP Request

GET https://afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
4.245.161.190:443

https://msedge.api.cdp.microsoft.com/api/v1.1/internal/contents/Browser/namespaces/Default/names/msedge-stable-win-x64/versions/132.0.2957.140/files?action=GenerateDownloadInfo&foregroundPriority=false

tls, http2

4.8kB
12.4kB
24
19

HTTP Request

POST https://msedge.api.cdp.microsoft.com/api/v2/contents/Browser/namespaces/Default/names?action=batchupdates

HTTP Response

200

HTTP Request

POST https://msedge.api.cdp.microsoft.com/api/v1.1/internal/contents/Browser/namespaces/Default/names/msedge-stable-win-x64/versions/132.0.2957.140/files?action=GenerateDownloadInfo&foregroundPriority=false

HTTP Response

200
91.81.129.180:80

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

http

2.0MB
46.9MB
30347
33599

HTTP Request

HEAD http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

200

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739743922&P2=404&P3=2&P4=NI4NzVhWTDhhDHwT1d2vyUWLEswgN7CiJdZMMqwaYA1CavtCO6qeOyN478D%2f8AztXGIgmxv8x2esVRRK2Es9mg%3d%3d

HTTP Response

206

8.8.8.8:53

www.ardamax.com

dns

msedge.exe

61 B
77 B
1
1

DNS Request

www.ardamax.com

DNS Response

72.52.178.23
8.8.8.8:53

ww12.ardamax.com

dns

msedge.exe

62 B
130 B
1
1

DNS Request

ww12.ardamax.com

DNS Response

76.223.26.96

13.248.148.254
8.8.8.8:53

parking3.parklogic.com

dns

msedge.exe

136 B
84 B
2
1

DNS Request

parking3.parklogic.com

DNS Request

parking3.parklogic.com

DNS Response

170.187.143.93
8.8.8.8:53

euob.seaskydvd.com

dns

msedge.exe

128 B
128 B
2
1

DNS Request

euob.seaskydvd.com

DNS Request

euob.seaskydvd.com

DNS Response

143.204.68.99

143.204.68.86

143.204.68.49

143.204.68.13
8.8.8.8:53

www.google.com

dns

msedge.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

216.58.204.68
8.8.8.8:53

d38psrni17bvxu.cloudfront.net

dns

msedge.exe

75 B
139 B
1
1

DNS Request

d38psrni17bvxu.cloudfront.net

DNS Response

99.86.249.190

99.86.249.202

99.86.249.97

99.86.249.105
8.8.8.8:53

obseu.seaskydvd.com

dns

msedge.exe

65 B
113 B
1
1

DNS Request

obseu.seaskydvd.com

DNS Response

3.248.162.96

34.251.101.162

54.75.69.192
8.8.8.8:53

syndicatedsearch.goog

dns

msedge.exe

67 B
83 B
1
1

DNS Request

syndicatedsearch.goog

DNS Response

142.250.187.206
8.8.8.8:53

partner.googleadservices.com

dns

msedge.exe

370 B
5

DNS Request

partner.googleadservices.com

DNS Request

partner.googleadservices.com

DNS Request

partner.googleadservices.com

DNS Request

partner.googleadservices.com

DNS Request

partner.googleadservices.com
142.250.187.206:443

syndicatedsearch.goog

https

msedge.exe

7.9kB
8.6kB
21
17
224.0.0.251:5353

msedge.exe

522 B
8
8.8.8.8:53

afs.googleusercontent.com

dns

msedge.exe

71 B
116 B
1
1

DNS Request

afs.googleusercontent.com

DNS Response

172.217.169.65
8.8.8.8:53

msedge.api.cdp.microsoft.com

dns

74 B
158 B
1
1

DNS Request

msedge.api.cdp.microsoft.com

DNS Response

4.245.161.190
8.8.8.8:53

www.godaddy.com

dns

msedge.exe

61 B
164 B
1
1

DNS Request

www.godaddy.com

DNS Response

184.26.44.14
8.8.8.8:53

msedge.b.tlu.dl.delivery.mp.microsoft.com

dns

174 B
344 B
2
1

DNS Request

msedge.b.tlu.dl.delivery.mp.microsoft.com

DNS Request

msedge.b.tlu.dl.delivery.mp.microsoft.com

DNS Response

91.81.129.180

91.80.49.21

91.81.130.133

91.81.130.134

91.81.129.181

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff4d54b3aadb5200432594708f095e82

SHA1
c30bc1677a50697ada032b1be526b0df6952daf1

SHA256
f63398b148e870edbfe75f8a7d717a64c87b8a05f35ae577d39d157744bfc78f

SHA512
bcb34a847f9b1c2c4347008a8208def98a07bf55d6c11cf6e0b237df1e5f7f5f3a7a58c3b7d0efb1c99ca8f2fc41c6fe776a8fe205840f9f212bfcde67e3f8d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f27aebac6cf2154266da570473c0bab7

SHA1
088feed439d7d1bf0962a0d7973a00808632d9b1

SHA256
d11ca93fd8845403bb3deeb8333637cde2f52ca868dc78d3e36a3bcd10ae6e40

SHA512
e56f8e3aefbaab4e792cd989f28b9e5ba069c432a98ab039829a278cd930dd550ee2f1e9d3f45307eeb67a56eb7858d1281afdafebcaf6833ba8bf1b3d6b0753

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\34ba4e0b-dc68-4793-acab-bbfbf1fc2453.tmp

Filesize
6KB

MD5
1b46488591ee3f233834574b9afec61d

SHA1
fe77088fd28147d49335dacec738003c7b261480

SHA256
ec84ca647611ff6caef53ee791d742efd12dc942a7f8f3f1c8ee27944615b9a5

SHA512
93d05f8ab2194077fa3199d4d8355107f5ef1a77153be05d7f0a7a6b11cf39abc3bbca931b516fa991858466135c3e43e78b739bafad8ddbd1084587eb01cf1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
1f1e09a5f2c23c4e7e0532c1b8ad862e

SHA1
41b52d37cb6990c07af22c60a4782ef7e0f2fccd

SHA256
0159b13f84d5c471adff5af901332f3d8dadaba080e4a23a356c862380d10d2a

SHA512
33add709347685df0f977945adc2c06113fd6b68fa7ad2337b249446bcf7785ca9203e3edd3266269da35029084698a444c7152ba1551182b64119311d8c0ffa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
838B

MD5
7ae30383252a98ccbce9d3a230e8215a

SHA1
5077fed5df4e457dcfbd97f33429b74ec9e0ea33

SHA256
2f908647466f3f8373143f7ee626f33372ab830739cac2b48514f54795c97b9a

SHA512
ba5de183f3e417bc16b0e2bde15dad0dc3acc8cb7d3d1b36a1f17925e50fa9b362939793092144310c352f5541b733b03a4918af2e28995ff11172162c0cc57b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e9a5f683694a60b3ff1c199f913cfab7

SHA1
7aac752c5221b358da9f172bc7d7b2928d677448

SHA256
68e25f41e17fa6dd7d14f4ddf8dfdde1507cb8d3a82945ba8c2fad0298d0da99

SHA512
bf92d43a50f7a958db7d04a9adc3d4a7045c60ba3ca6a2b08d79ceb10a8340f9e3126d46b05481f2d8c2fc0b66bee8753b3cec9f3962ee56e06e580f9a19507b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8c05ec11b5672e732444a4f7fdfd889e

SHA1
4ec224846170e57d0cecbb8a06857f4b672f723a

SHA256
d68a16a6c79d708a169c8e699565fe65d19cf8300f86c30bdea9af88495bc079

SHA512
99c050bbf14c41f21f13c3e520e05f2c72f5bb2f4192a92e65bb87cce2f8ed44534cb671e6f311d85146bd1f86763246cd8d9e93ca6bba22b655db718ea63e1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f934baa0c47c876b6090f76314895d05

SHA1
782310caecd56d85f41d5c339e67b46d05332530

SHA256
80442f6b0dc72a1e1d1d22ced56570c5503c50016caedf846554669826b24fdb

SHA512
f68bb4cd504da65d57caf8ee6797dd21c435fb8e3092933e81d0dd3507dc0e227d0cfc9fcceea68ba248c6e70a38f2732138c162ed0b81b46c96df2f5cb4fedc

Download Submit
C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe

Filesize
44KB

MD5
83cac9da65204dca68d957c5731a7059

SHA1
0291f20c8144494e9eb06b818bed447afee91f09

SHA256
9704a03d01c430189525b18b519d77337e230ccd09ca37d2ee1a25a38f5cec0f

SHA512
4be4fc5cfd21ba4affff87ca1698ba63a62a2d899538ba6034e71a2451d63f545b4e29f8fd5875e0339f97eca360b46fac85d7ca26c7e37a8ea4b3ca65457673

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request