ateraagent | a6b86df4bdf042ad8fd4b5662d93b0359bb3e2f747081f7ca31408d5d9e4bda7

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250211-en
resource tags

arch:x64arch:x86image:win10v2004-20250211-enlocale:en-usos:windows10-2004-x64system
submitted
13/02/2025, 15:03 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NF-572.msi
Size

2.9MB
MD5

e8b1181705de08e000d887191f399a06
SHA1

1b9db77f4cc5d42bcab04cf6af2ca2069b7754e8
SHA256

a6b86df4bdf042ad8fd4b5662d93b0359bb3e2f747081f7ca31408d5d9e4bda7
SHA512

4f9901b316554d92a1f1d3e79ad860207ff36d226f09d780e89e1104f4b74e4fce6d452e963ff4a75f2c52216f0ab08a828caa2e016e7cae221ce0706ebde82c
SSDEEP

49152:t+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:t+lUlz9FKbsodq0YaH7ZPxMb8tT

Score

10^/10

ateraagent discovery persistence privilege_escalation rat

Malware Config

Signatures

AteraAgent
AteraAgent is a remote monitoring and management tool.
rat ateraagent
Ateraagent family
ateraagent

Detects AteraAgent 1 IoCs

resource	yara_rule
behavioral2/files/0x000900000001db4b-230.dat	family_ateraagent

Blocklisted process makes network request 4 IoCs

flow	pid	Process
2	5012	msiexec.exe
5	5012	msiexec.exe
27	1448	rundll32.exe
36	1108	rundll32.exe

Downloads MZ/PE file 1 IoCs

flow	pid	Process
75	5052	Process not Found

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4	AteraAgent.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log	AgentPackageAgentInformation.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1	AteraAgent.exe
File opened for modification	C:\Windows\system32\InstallUtil.InstallLog	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944	AteraAgent.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4	AteraAgent.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\System.ValueTuple.dll	msiexec.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll	msiexec.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll	msiexec.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll	msiexec.exe
File opened for modification	C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	msiexec.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallState	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config	msiexec.exe
File opened for modification	C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation.zip	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.ini	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll	AteraAgent.exe
File created	C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll	msiexec.exe

Drops file in Windows directory 35 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSI69.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6D3.tmp-\System.Management.dll	rundll32.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{E732A0D7-A2F2-4657-AC41-B19742648E45}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9D2.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1791.tmp	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF944.tmp-\System.Management.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSI1791.tmp-\AlphaControlAgentInstallation.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSIBB9.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6D3.tmp-\Newtonsoft.Json.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6D3.tmp-\CustomAction.config	rundll32.exe
File opened for modification	C:\Windows\Installer\MSI6D3.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6D3.tmp-\Microsoft.Deployment.WindowsInstaller.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSI1791.tmp-\Microsoft.Deployment.WindowsInstaller.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSI1791.tmp-\CustomAction.config	rundll32.exe
File opened for modification	C:\Windows\Installer\MSIF944.tmp-\AlphaControlAgentInstallation.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSI69.tmp-\Microsoft.Deployment.WindowsInstaller.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSI69.tmp-\System.Management.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSIF944.tmp-\Microsoft.Deployment.WindowsInstaller.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSIF944.tmp-\Newtonsoft.Json.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSI69.tmp-\AlphaControlAgentInstallation.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSI69.tmp-\Newtonsoft.Json.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSI1791.tmp-\System.Management.dll	rundll32.exe
File created	C:\Windows\Installer\e57f8a8.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e57f8a8.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9F2.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIADD.tmp	msiexec.exe
File created	C:\Windows\Installer\e57f8aa.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1791.tmp-\Newtonsoft.Json.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSIF944.tmp-\CustomAction.config	rundll32.exe
File opened for modification	C:\Windows\Installer\MSI6D3.tmp-\AlphaControlAgentInstallation.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSIF944.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI69.tmp-\CustomAction.config	rundll32.exe

Executes dropped EXE 4 IoCs

pid	Process
1936	AteraAgent.exe
1268	AteraAgent.exe
3484	AgentPackageAgentInformation.exe
1624	AgentPackageAgentInformation.exe

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
740	sc.exe

Loads dropped DLL 31 IoCs

pid	Process
748	MsiExec.exe
4404	rundll32.exe
4404	rundll32.exe
4404	rundll32.exe
4404	rundll32.exe
4404	rundll32.exe
748	MsiExec.exe
1448	rundll32.exe
1448	rundll32.exe
1448	rundll32.exe
1448	rundll32.exe
1448	rundll32.exe
1448	rundll32.exe
1448	rundll32.exe
748	MsiExec.exe
4176	rundll32.exe
4176	rundll32.exe
4176	rundll32.exe
4176	rundll32.exe
4176	rundll32.exe
748	MsiExec.exe
4964	MsiExec.exe
4964	MsiExec.exe
748	MsiExec.exe
1108	rundll32.exe
1108	rundll32.exe
1108	rundll32.exe
1108	rundll32.exe
1108	rundll32.exe
1108	rundll32.exe
1108	rundll32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs

persistence privilege_escalation

Installer Packages

T1546.016

Msiexec

T1218.007

pid	Process
5012	msiexec.exe

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NET.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TaskKill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3348	MicrosoftEdgeUpdate.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000f15129188923c4550000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000f15129180000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900f1512918000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1df1512918000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000f151291800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Kills process with taskkill 1 IoCs

defense_evasion

pid	Process
3368	TaskKill.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	AteraAgent.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	AteraAgent.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	AteraAgent.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	AteraAgent.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	AteraAgent.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	AteraAgent.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\System32\fveui.dll,-843 = "BitLocker Drive Encryption"	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	AgentPackageAgentInformation.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	AteraAgent.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	AteraAgent.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103 = "Domain Name System (DNS) Server Trust"	AteraAgent.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	AteraAgent.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	AteraAgent.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\System32\ci.dll,-100 = "Isolated User Mode (IUM)"	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	AteraAgent.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	AteraAgent.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\system32\NgcRecovery.dll,-100 = "Windows Hello Recovery Key Encryption"	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	AteraAgent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	AteraAgent.exe

Modifies registry class 22 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7D0A237E2F2A7564CA141B792446E854	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7D0A237E2F2A7564CA141B792446E854\Version = "17301511"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7D0A237E2F2A7564CA141B792446E854\AdvertiseFlags = "388"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7D0A237E2F2A7564CA141B792446E854\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\25F46F8180ECF4345A1FA7A8935DE9AE	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7D0A237E2F2A7564CA141B792446E854\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7D0A237E2F2A7564CA141B792446E854\SourceList\Media\1 = ";"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7D0A237E2F2A7564CA141B792446E854\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7D0A237E2F2A7564CA141B792446E854\ProductName = "AteraAgent"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7D0A237E2F2A7564CA141B792446E854\PackageCode = "559DA127DF979104BB5FD9CCC41157BB"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7D0A237E2F2A7564CA141B792446E854\SourceList\PackageName = "NF-572.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7D0A237E2F2A7564CA141B792446E854\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7D0A237E2F2A7564CA141B792446E854\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\25F46F8180ECF4345A1FA7A8935DE9AE\7D0A237E2F2A7564CA141B792446E854	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\7D0A237E2F2A7564CA141B792446E854	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\7D0A237E2F2A7564CA141B792446E854\INSTALLFOLDER_files_Feature	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7D0A237E2F2A7564CA141B792446E854\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7D0A237E2F2A7564CA141B792446E854\AuthorizedLUAApp = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7D0A237E2F2A7564CA141B792446E854\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7D0A237E2F2A7564CA141B792446E854\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7D0A237E2F2A7564CA141B792446E854\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7D0A237E2F2A7564CA141B792446E854\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe

Modifies system certificate store 2 TTPs 6 IoCs

defense_evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\925A8F8D2C6D04E0665F596AFF22D863E8256F3F	AteraAgent.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\925A8F8D2C6D04E0665F596AFF22D863E8256F3F\Blob = 0f00000001000000200000001504593902ec8a0bab29f03bf35c3058b5fd1807a74dab92cb61ed4a9908afa40b000000010000006200000041006d0061007a006f006e00200053006500720076006900630065007300200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f00720069007400790020002d002d002000470032000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000002500000030233021060b6086480186fd6e0107180330123010060a2b0601040182373c0101030200c0620000000100000020000000568d6905a2c88708a4b3025190edcfedb1974a606a13c6e5290fcb2ae63edab51400000001000000140000009c5f00dfaa01d7302b3888a2b86d4a9cf21191831d000000010000001000000052135310639a10f77f886b229b9f7afc7f000000010000000c000000300a06082b060105050703037e00000001000000080000000080c82b6886d701030000000100000014000000925a8f8d2c6d04e0665f596aff22d863e8256f3f2000000001000000f3030000308203ef308202d7a003020102020100300d06092a864886f70d01010b0500308198310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e313b303906035504031332537461726669656c6420536572766963657320526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a308198310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e313b303906035504031332537461726669656c6420536572766963657320526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100d50c3ac42af94ee2f5be19975f8e8853b11f3fcbcf9f20136d293ac80f7d3cf76b763863d93660a89b5e5c0080b22f597ff687f9254386e7691b529a90e171e3d82d0d4e6ff6c849d9b6f31a56ae2bb67414ebcffb26e31aba1d962e6a3b5894894756ff25a093705383da847414c3679e04683adf8e405a1d4a4ecf43913be756d60070cb52ee7b7dae3ae7bc31f945f6c260cf1359022b80cc3447dfb9de90656d02cf2c91a6a6e7de8518497c664ea33a6da9b5ee342eba0d03b833df47ebb16b8d25d99bce81d1454632967087de020e494385b66c73bb64ea6141acc9d454df872fc722b226cc9f5954689ffcbe2a2fc4551c75406017850255398b7f050203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604149c5f00dfaa01d7302b3888a2b86d4a9cf2119183300d06092a864886f70d01010b050003820101004b36a6847769dd3b199f6723086f0e61c9fd84dc5fd83681cdd81b412d9f60ddc71a68d9d16e86e18823cf13de43cfe234b3049d1f29d5bff85ec8d5c1bdee926f3274f291822fbd82427aad2ab7207d4dbc7a5512c215eabdf76a952e6c749fcf1cb4f2c501a385d0723ead73ab0b9b750c6d45b78e94ac9637b5a0d08f15470ee3e883dd8ffdef410177cc27a9628533f23708ef71cf7706dec8191d8840cf7d461dff1ec7e1ceff23dbc6fa8d554ea902e74711463ef4fdbd7b2926bba961623728b62d2af6108664c970a7d2adb7297079ea3cda63259ffd68b730ec70fb758ab76d6067b21ec8b9e9d8a86f028b670d4d265771da20fcc14a508db128ba	AteraAgent.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\925A8F8D2C6D04E0665F596AFF22D863E8256F3F\Blob = 19000000010000001000000014d4b19434670e6dc091d154abb20edc0f00000001000000200000001504593902ec8a0bab29f03bf35c3058b5fd1807a74dab92cb61ed4a9908afa40b000000010000006200000041006d0061007a006f006e00200053006500720076006900630065007300200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f00720069007400790020002d002d002000470032000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000002500000030233021060b6086480186fd6e0107180330123010060a2b0601040182373c0101030200c0620000000100000020000000568d6905a2c88708a4b3025190edcfedb1974a606a13c6e5290fcb2ae63edab51400000001000000140000009c5f00dfaa01d7302b3888a2b86d4a9cf21191831d000000010000001000000052135310639a10f77f886b229b9f7afc7f000000010000000c000000300a06082b060105050703037e00000001000000080000000080c82b6886d701030000000100000014000000925a8f8d2c6d04e0665f596aff22d863e8256f3f2000000001000000f3030000308203ef308202d7a003020102020100300d06092a864886f70d01010b0500308198310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e313b303906035504031332537461726669656c6420536572766963657320526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a308198310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e313b303906035504031332537461726669656c6420536572766963657320526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100d50c3ac42af94ee2f5be19975f8e8853b11f3fcbcf9f20136d293ac80f7d3cf76b763863d93660a89b5e5c0080b22f597ff687f9254386e7691b529a90e171e3d82d0d4e6ff6c849d9b6f31a56ae2bb67414ebcffb26e31aba1d962e6a3b5894894756ff25a093705383da847414c3679e04683adf8e405a1d4a4ecf43913be756d60070cb52ee7b7dae3ae7bc31f945f6c260cf1359022b80cc3447dfb9de90656d02cf2c91a6a6e7de8518497c664ea33a6da9b5ee342eba0d03b833df47ebb16b8d25d99bce81d1454632967087de020e494385b66c73bb64ea6141acc9d454df872fc722b226cc9f5954689ffcbe2a2fc4551c75406017850255398b7f050203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604149c5f00dfaa01d7302b3888a2b86d4a9cf2119183300d06092a864886f70d01010b050003820101004b36a6847769dd3b199f6723086f0e61c9fd84dc5fd83681cdd81b412d9f60ddc71a68d9d16e86e18823cf13de43cfe234b3049d1f29d5bff85ec8d5c1bdee926f3274f291822fbd82427aad2ab7207d4dbc7a5512c215eabdf76a952e6c749fcf1cb4f2c501a385d0723ead73ab0b9b750c6d45b78e94ac9637b5a0d08f15470ee3e883dd8ffdef410177cc27a9628533f23708ef71cf7706dec8191d8840cf7d461dff1ec7e1ceff23dbc6fa8d554ea902e74711463ef4fdbd7b2926bba961623728b62d2af6108664c970a7d2adb7297079ea3cda63259ffd68b730ec70fb758ab76d6067b21ec8b9e9d8a86f028b670d4d265771da20fcc14a508db128ba	AteraAgent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	AteraAgent.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	AteraAgent.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	AteraAgent.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
3436	msiexec.exe
3436	msiexec.exe
1268	AteraAgent.exe
3484	AgentPackageAgentInformation.exe
1624	AgentPackageAgentInformation.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5012	msiexec.exe
Token: SeIncreaseQuotaPrivilege	5012	msiexec.exe
Token: SeSecurityPrivilege	3436	msiexec.exe
Token: SeCreateTokenPrivilege	5012	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	5012	msiexec.exe
Token: SeLockMemoryPrivilege	5012	msiexec.exe
Token: SeIncreaseQuotaPrivilege	5012	msiexec.exe
Token: SeMachineAccountPrivilege	5012	msiexec.exe
Token: SeTcbPrivilege	5012	msiexec.exe
Token: SeSecurityPrivilege	5012	msiexec.exe
Token: SeTakeOwnershipPrivilege	5012	msiexec.exe
Token: SeLoadDriverPrivilege	5012	msiexec.exe
Token: SeSystemProfilePrivilege	5012	msiexec.exe
Token: SeSystemtimePrivilege	5012	msiexec.exe
Token: SeProfSingleProcessPrivilege	5012	msiexec.exe
Token: SeIncBasePriorityPrivilege	5012	msiexec.exe
Token: SeCreatePagefilePrivilege	5012	msiexec.exe
Token: SeCreatePermanentPrivilege	5012	msiexec.exe
Token: SeBackupPrivilege	5012	msiexec.exe
Token: SeRestorePrivilege	5012	msiexec.exe
Token: SeShutdownPrivilege	5012	msiexec.exe
Token: SeDebugPrivilege	5012	msiexec.exe
Token: SeAuditPrivilege	5012	msiexec.exe
Token: SeSystemEnvironmentPrivilege	5012	msiexec.exe
Token: SeChangeNotifyPrivilege	5012	msiexec.exe
Token: SeRemoteShutdownPrivilege	5012	msiexec.exe
Token: SeUndockPrivilege	5012	msiexec.exe
Token: SeSyncAgentPrivilege	5012	msiexec.exe
Token: SeEnableDelegationPrivilege	5012	msiexec.exe
Token: SeManageVolumePrivilege	5012	msiexec.exe
Token: SeImpersonatePrivilege	5012	msiexec.exe
Token: SeCreateGlobalPrivilege	5012	msiexec.exe
Token: SeBackupPrivilege	2312	vssvc.exe
Token: SeRestorePrivilege	2312	vssvc.exe
Token: SeAuditPrivilege	2312	vssvc.exe
Token: SeBackupPrivilege	3436	msiexec.exe
Token: SeRestorePrivilege	3436	msiexec.exe
Token: SeRestorePrivilege	3436	msiexec.exe
Token: SeTakeOwnershipPrivilege	3436	msiexec.exe
Token: SeRestorePrivilege	3436	msiexec.exe
Token: SeTakeOwnershipPrivilege	3436	msiexec.exe
Token: SeBackupPrivilege	4188	srtasks.exe
Token: SeRestorePrivilege	4188	srtasks.exe
Token: SeSecurityPrivilege	4188	srtasks.exe
Token: SeTakeOwnershipPrivilege	4188	srtasks.exe
Token: SeBackupPrivilege	4188	srtasks.exe
Token: SeRestorePrivilege	4188	srtasks.exe
Token: SeSecurityPrivilege	4188	srtasks.exe
Token: SeTakeOwnershipPrivilege	4188	srtasks.exe
Token: SeRestorePrivilege	3436	msiexec.exe
Token: SeTakeOwnershipPrivilege	3436	msiexec.exe
Token: SeDebugPrivilege	1448	rundll32.exe
Token: SeRestorePrivilege	3436	msiexec.exe
Token: SeTakeOwnershipPrivilege	3436	msiexec.exe
Token: SeRestorePrivilege	3436	msiexec.exe
Token: SeTakeOwnershipPrivilege	3436	msiexec.exe
Token: SeRestorePrivilege	3436	msiexec.exe
Token: SeTakeOwnershipPrivilege	3436	msiexec.exe
Token: SeRestorePrivilege	3436	msiexec.exe
Token: SeTakeOwnershipPrivilege	3436	msiexec.exe
Token: SeRestorePrivilege	3436	msiexec.exe
Token: SeTakeOwnershipPrivilege	3436	msiexec.exe
Token: SeDebugPrivilege	3368	TaskKill.exe
Token: SeRestorePrivilege	3436	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
5012	msiexec.exe
5012	msiexec.exe

Suspicious use of WriteProcessMemory 37 IoCs

description	pid	Process	procid_target
PID 3436 wrote to memory of 4188	3436	msiexec.exe	103
PID 3436 wrote to memory of 4188	3436	msiexec.exe	103
PID 3436 wrote to memory of 748	3436	msiexec.exe	105
PID 3436 wrote to memory of 748	3436	msiexec.exe	105
PID 3436 wrote to memory of 748	3436	msiexec.exe	105
PID 748 wrote to memory of 4404	748	MsiExec.exe	106
PID 748 wrote to memory of 4404	748	MsiExec.exe	106
PID 748 wrote to memory of 4404	748	MsiExec.exe	106
PID 748 wrote to memory of 1448	748	MsiExec.exe	107
PID 748 wrote to memory of 1448	748	MsiExec.exe	107
PID 748 wrote to memory of 1448	748	MsiExec.exe	107
PID 748 wrote to memory of 4176	748	MsiExec.exe	108
PID 748 wrote to memory of 4176	748	MsiExec.exe	108
PID 748 wrote to memory of 4176	748	MsiExec.exe	108
PID 3436 wrote to memory of 4964	3436	msiexec.exe	110
PID 3436 wrote to memory of 4964	3436	msiexec.exe	110
PID 3436 wrote to memory of 4964	3436	msiexec.exe	110
PID 4964 wrote to memory of 3464	4964	MsiExec.exe	111
PID 4964 wrote to memory of 3464	4964	MsiExec.exe	111
PID 4964 wrote to memory of 3464	4964	MsiExec.exe	111
PID 3464 wrote to memory of 4024	3464	NET.exe	113
PID 3464 wrote to memory of 4024	3464	NET.exe	113
PID 3464 wrote to memory of 4024	3464	NET.exe	113
PID 4964 wrote to memory of 3368	4964	MsiExec.exe	114
PID 4964 wrote to memory of 3368	4964	MsiExec.exe	114
PID 4964 wrote to memory of 3368	4964	MsiExec.exe	114
PID 3436 wrote to memory of 1936	3436	msiexec.exe	116
PID 3436 wrote to memory of 1936	3436	msiexec.exe	116
PID 748 wrote to memory of 1108	748	MsiExec.exe	118
PID 748 wrote to memory of 1108	748	MsiExec.exe	118
PID 748 wrote to memory of 1108	748	MsiExec.exe	118
PID 1268 wrote to memory of 740	1268	AteraAgent.exe	119
PID 1268 wrote to memory of 740	1268	AteraAgent.exe	119
PID 1268 wrote to memory of 3484	1268	AteraAgent.exe	124
PID 1268 wrote to memory of 3484	1268	AteraAgent.exe	124
PID 1268 wrote to memory of 1624	1268	AteraAgent.exe	130
PID 1268 wrote to memory of 1624	1268	AteraAgent.exe	130

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\NF-572.msi
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Event Triggered Execution: Installer Packages
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5012

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3436
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4188
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 92C7FA8F4A56607D7F483828F6E08304
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:748
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe "C:\Windows\Installer\MSIF944.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240646671 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
    3⤵
    - Drops file in Windows directory
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:4404
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe "C:\Windows\Installer\MSI69.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240648343 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
    3⤵
    - Blocklisted process makes network request
    - Drops file in Windows directory
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:1448
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe "C:\Windows\Installer\MSI6D3.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240650000 11 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
    3⤵
    - Drops file in Windows directory
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:4176
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe "C:\Windows\Installer\MSI1791.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240654234 33 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
    3⤵
    - Blocklisted process makes network request
    - Drops file in Windows directory
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:1108
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 89DF80272581776E9EB62C438DC88DCD E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4964
- - C:\Windows\SysWOW64\NET.exe
    "NET" STOP AteraAgent
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:3464
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 STOP AteraAgent
      4⤵
      System Location Discovery: System Language Discovery
      PID:4024
- - C:\Windows\SysWOW64\TaskKill.exe
    "TaskKill.exe" /f /im AteraAgent.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:3368
- C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="martakelnerr@hotmail.com" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000QLiNHIA1" /AgentId="76cdd8c2-5883-4748-8512-4202bfa641c5"
  2⤵
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Modifies data under HKEY_USERS
  PID:1936

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:2312

C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
"C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1268
- C:\Windows\System32\sc.exe
  "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
  2⤵
  - Launches sc.exe
  PID:740
- C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 76cdd8c2-5883-4748-8512-4202bfa641c5 "eb5fbb36-7441-409b-9828-25ea2a8ef99c" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000QLiNHIA1
  2⤵
  - Drops file in System32 directory
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3484
- C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 76cdd8c2-5883-4748-8512-4202bfa641c5 "63c32e0d-3c8c-4feb-8a6d-3cf707d8941d" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000QLiNHIA1
  2⤵
  - Executes dropped EXE
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  PID:1624

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzY2QTQzOEQtQkM2Qi00REE4LTkzNkQtNkFGNDAwQTAxM0JFfSIgdXNlcmlkPSJ7MTc0OTQ2RUUtNDFDNS00OUM2LTg4NTYtOTVEMkE2ODlBN0M0fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NDYzNUQwMEQtMkRGRi00QjNCLUI1NzktRDAzMUE3ODY4OTY0fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIyIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MzkyODMyMzYiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4Mzc1NDI1MTE0ODAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1NDI4MDcwNzg1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:3348

Network

DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.ax-0001.ax-msedge.net

g-bing-com.ax-0001.ax-msedge.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.28.10

ax-0001.ax-msedge.net

IN A

150.171.27.10
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c6c481e1f5e14c87a00e68fcadab916e&localId=w:41DB1DC1-977A-8BD5-2560-B615C7BC3215&deviceId=6966574999063966&anid=

Remote address:

150.171.28.10:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c6c481e1f5e14c87a00e68fcadab916e&localId=w:41DB1DC1-977A-8BD5-2560-B615C7BC3215&deviceId=6966574999063966&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=088F1E49A2D4697B14C40BDBA35F6888; domain=.bing.com; expires=Tue, 10-Mar-2026 15:03:57 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4D3BAF95E5EA415885B364332B83E82A Ref B: FRA31EDGE0218 Ref C: 2025-02-13T15:03:57Z
date: Thu, 13 Feb 2025 15:03:56 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=c6c481e1f5e14c87a00e68fcadab916e&localId=w:41DB1DC1-977A-8BD5-2560-B615C7BC3215&deviceId=6966574999063966&anid=

Remote address:

150.171.28.10:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=c6c481e1f5e14c87a00e68fcadab916e&localId=w:41DB1DC1-977A-8BD5-2560-B615C7BC3215&deviceId=6966574999063966&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=088F1E49A2D4697B14C40BDBA35F6888

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=rYTid3YhMekK436hjfxlNgu_SU7-l2jr9J8IR6fQuyw; domain=.bing.com; expires=Tue, 10-Mar-2026 15:03:57 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 08F74FDCE1584DBFB3F8D0285ACEBEDE Ref B: FRA31EDGE0218 Ref C: 2025-02-13T15:03:57Z
date: Thu, 13 Feb 2025 15:03:57 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c6c481e1f5e14c87a00e68fcadab916e&localId=w:41DB1DC1-977A-8BD5-2560-B615C7BC3215&deviceId=6966574999063966&anid=

Remote address:

150.171.28.10:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c6c481e1f5e14c87a00e68fcadab916e&localId=w:41DB1DC1-977A-8BD5-2560-B615C7BC3215&deviceId=6966574999063966&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=088F1E49A2D4697B14C40BDBA35F6888; MSPTC=rYTid3YhMekK436hjfxlNgu_SU7-l2jr9J8IR6fQuyw

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A034E137BB3045378ACA935858413EBB Ref B: FRA31EDGE0218 Ref C: 2025-02-13T15:03:58Z
date: Thu, 13 Feb 2025 15:03:57 GMT
GET

https://www.bing.com/th?id=OADD2.10239414284817_1UVYYSBXC4CID8KBL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90

Remote address:

104.86.111.66:443

Request

GET /th?id=OADD2.10239414284817_1UVYYSBXC4CID8KBL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90 HTTP/2.0
host: www.bing.com
accept: */*
cookie: MUID=088F1E49A2D4697B14C40BDBA35F6888; MSPTC=rYTid3YhMekK436hjfxlNgu_SU7-l2jr9J8IR6fQuyw
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 1981
date: Thu, 13 Feb 2025 15:04:00 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.546e5668.1739459040.7e792d98
DNS

agent-api.atera.com

AgentPackageAgentInformation.exe

Remote address:

8.8.8.8:53

Request

agent-api.atera.com

IN A

Response

agent-api.atera.com

IN CNAME

agentsapi.trafficmanager.net

agentsapi.trafficmanager.net

IN CNAME

atera-agent-api-eu.westeurope.cloudapp.azure.com

atera-agent-api-eu.westeurope.cloudapp.azure.com

IN A

40.119.152.241
POST

https://agent-api.atera.com/Production/Agent/track-event

rundll32.exe

Remote address:

40.119.152.241:443

Request

POST /Production/Agent/track-event HTTP/1.1
X-Atera-AccountId: 001Q300000QLiNHIA1
Content-Type: application/json
Host: agent-api.atera.com
Content-Length: 130
Expect: 100-continue
Connection: Keep-Alive

Response

HTTP/1.1 400 Bad Request

Date: Thu, 13 Feb 2025 15:04:11 GMT
Content-Length: 0
Connection: keep-alive
Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
POST

https://agent-api.atera.com/Production/Agent/GetEnvironmentStatus

AteraAgent.exe

Remote address:

40.119.152.241:443

Request

POST /Production/Agent/GetEnvironmentStatus HTTP/1.1
Content-Type: application/json
Host: agent-api.atera.com
Content-Length: 26
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 13 Feb 2025 15:04:17 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
POST

https://agent-api.atera.com/Production/Agent/GetCommands

AteraAgent.exe

Remote address:

40.119.152.241:443

Request

POST /Production/Agent/GetCommands HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: agent-api.atera.com
Content-Length: 97
Connection: Close

Response

HTTP/1.1 204 No Content

Date: Thu, 13 Feb 2025 15:04:19 GMT
Connection: close
Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
POST

https://agent-api.atera.com/Production/Agent/track-event

rundll32.exe

Remote address:

40.119.152.241:443

Request

POST /Production/Agent/track-event HTTP/1.1
X-Atera-AccountId: 001Q300000QLiNHIA1
Content-Type: application/json
Host: agent-api.atera.com
Content-Length: 142
Expect: 100-continue
Connection: Keep-Alive

Response

HTTP/1.1 400 Bad Request

Date: Thu, 13 Feb 2025 15:04:16 GMT
Content-Length: 0
Connection: keep-alive
Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
POST

https://agent-api.atera.com/Production/Agent/GetRecurringPackages

AteraAgent.exe

Remote address:

40.119.152.241:443

Request

POST /Production/Agent/GetRecurringPackages HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: agent-api.atera.com
Content-Length: 44

Response

HTTP/1.1 200 OK

Date: Thu, 13 Feb 2025 15:04:22 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
POST

https://agent-api.atera.com/Production/Agent/AgentStarting

AteraAgent.exe

Remote address:

40.119.152.241:443

Request

POST /Production/Agent/AgentStarting HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: agent-api.atera.com
Content-Length: 97
Connection: Close

Response

HTTP/1.1 200 OK

Date: Thu, 13 Feb 2025 15:04:23 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
DNS

ps.pndsn.com

AteraAgent.exe

Remote address:

8.8.8.8:53

Request

ps.pndsn.com

IN A

Response

ps.pndsn.com

IN A

35.157.63.227

ps.pndsn.com

IN A

35.157.63.228
GET

https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=a76f0fa3-8ab5-4e13-8322-348989c8a90f&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5

AteraAgent.exe

Remote address:

35.157.63.227:443

Request

GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=a76f0fa3-8ab5-4e13-8322-348989c8a90f&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5 HTTP/1.1
Host: ps.pndsn.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 13 Feb 2025 15:04:19 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: keep-alive
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
GET

https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=f24c7115-76f1-4a70-aa73-279f880dee32&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5

AteraAgent.exe

Remote address:

35.157.63.227:443

Request

GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=f24c7115-76f1-4a70-aa73-279f880dee32&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5 HTTP/1.1
Host: ps.pndsn.com

Response

HTTP/1.1 200 OK

Date: Thu, 13 Feb 2025 15:04:26 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: keep-alive
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
GET

https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=a7a271d7-4432-48e0-a3bf-9855b8265bcf&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5

AteraAgent.exe

Remote address:

35.157.63.227:443

Request

GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=a7a271d7-4432-48e0-a3bf-9855b8265bcf&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5 HTTP/1.1
Host: ps.pndsn.com

Response

HTTP/1.1 200 OK

Date: Thu, 13 Feb 2025 15:04:29 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: keep-alive
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
GET

https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=a7495724-a05d-4d92-ba40-571a2e521237&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5

AteraAgent.exe

Remote address:

35.157.63.227:443

Request

GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=a7495724-a05d-4d92-ba40-571a2e521237&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5 HTTP/1.1
Host: ps.pndsn.com

Response

HTTP/1.1 200 OK

Date: Thu, 13 Feb 2025 15:05:14 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: keep-alive
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
GET

https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/76cdd8c2-5883-4748-8512-4202bfa641c5/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=d9767446-9f3c-40a9-afd5-d68b1e64fead&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5

AteraAgent.exe

Remote address:

35.157.63.227:443

Request

GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/76cdd8c2-5883-4748-8512-4202bfa641c5/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=d9767446-9f3c-40a9-afd5-d68b1e64fead&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com

Response

HTTP/1.1 200 OK

Date: Thu, 13 Feb 2025 15:05:15 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: keep-alive
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
GET

https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6549575f-8ffd-40fb-a4a4-8f49d653669b&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5

AteraAgent.exe

Remote address:

35.157.63.227:443

Request

GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6549575f-8ffd-40fb-a4a4-8f49d653669b&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5 HTTP/1.1
Host: ps.pndsn.com

Response

HTTP/1.1 200 OK

Date: Thu, 13 Feb 2025 15:05:46 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: keep-alive
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
GET

https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=3299ff41-fc68-4823-8d88-86318ab4ffe8&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5

AteraAgent.exe

Remote address:

35.157.63.227:443

Request

GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=3299ff41-fc68-4823-8d88-86318ab4ffe8&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5 HTTP/1.1
Host: ps.pndsn.com

Response

HTTP/1.1 200 OK

Date: Thu, 13 Feb 2025 15:05:58 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: keep-alive
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
GET

https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/76cdd8c2-5883-4748-8512-4202bfa641c5/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=7cc9d869-6654-4b9a-9d8b-32d3ef2abdab&tt=0&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5

AteraAgent.exe

Remote address:

35.157.63.227:443

Request

GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/76cdd8c2-5883-4748-8512-4202bfa641c5/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=7cc9d869-6654-4b9a-9d8b-32d3ef2abdab&tt=0&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com

Response

HTTP/1.1 200 OK

Date: Thu, 13 Feb 2025 15:04:25 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 45
Connection: keep-alive
Cache-Control: no-cache
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
GET

https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/76cdd8c2-5883-4748-8512-4202bfa641c5/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=73e58624-eec2-45f2-a6ed-29a661a06835&tr=41&tt=17394590658709246&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5

AteraAgent.exe

Remote address:

35.157.63.227:443

Request

GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/76cdd8c2-5883-4748-8512-4202bfa641c5/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=73e58624-eec2-45f2-a6ed-29a661a06835&tr=41&tt=17394590658709246&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com

Response

HTTP/1.1 200 OK

Date: Thu, 13 Feb 2025 15:04:29 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 1859
Connection: keep-alive
Cache-Control: no-cache
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
GET

https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/76cdd8c2-5883-4748-8512-4202bfa641c5/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=505518b5-36b0-4cb4-997d-35e47435ea8f&tr=41&tt=17394590689362428&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5

AteraAgent.exe

Remote address:

35.157.63.227:443

Request

GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/76cdd8c2-5883-4748-8512-4202bfa641c5/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=505518b5-36b0-4cb4-997d-35e47435ea8f&tr=41&tt=17394590689362428&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com

Response

HTTP/1.1 200 OK

Date: Thu, 13 Feb 2025 15:05:46 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 45
Connection: keep-alive
Cache-Control: no-cache
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
GET

https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/76cdd8c2-5883-4748-8512-4202bfa641c5/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=38adeab7-835a-489d-8f2c-cc134f2b12a9&tr=41&tt=17394590689362428&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5

AteraAgent.exe

Remote address:

35.157.63.227:443

Request

GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/76cdd8c2-5883-4748-8512-4202bfa641c5/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=38adeab7-835a-489d-8f2c-cc134f2b12a9&tr=41&tt=17394590689362428&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com

Response

HTTP/1.1 200 OK

Date: Thu, 13 Feb 2025 15:05:58 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 1864
Connection: keep-alive
Cache-Control: no-cache
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
GET

https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/76cdd8c2-5883-4748-8512-4202bfa641c5/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=95c2cfe1-ee09-4756-a369-270c57ca747a&tr=41&tt=17394591581114166&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5

AteraAgent.exe

Remote address:

35.157.63.227:443

Request

GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/76cdd8c2-5883-4748-8512-4202bfa641c5/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=95c2cfe1-ee09-4756-a369-270c57ca747a&tr=41&tt=17394591581114166&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
POST

https://agent-api.atera.com/Production/Agent/AcknowledgeCommands

AteraAgent.exe

Remote address:

40.119.152.241:443

Request

POST /Production/Agent/AcknowledgeCommands HTTP/1.1
Content-Type: application/json
Host: agent-api.atera.com
Content-Length: 104
Connection: Close

Response

HTTP/1.1 200 OK

Date: Thu, 13 Feb 2025 15:04:29 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
DNS

ps.atera.com

AteraAgent.exe

Remote address:

8.8.8.8:53

Request

ps.atera.com

IN A

Response

ps.atera.com

IN CNAME

d25btwd9wax8gu.cloudfront.net

d25btwd9wax8gu.cloudfront.net

IN A

99.84.9.89

d25btwd9wax8gu.cloudfront.net

IN A

99.84.9.5

d25btwd9wax8gu.cloudfront.net

IN A

99.84.9.56

d25btwd9wax8gu.cloudfront.net

IN A

99.84.9.72
GET

https://ps.atera.com/agentpackagesnet45/AgentPackageAgentInformation/39.1/AgentPackageAgentInformation.zip?LAU3TqgOSi3KaLyA8w/WYl3y7X24dv7fku8xT94/WP7BWjrZg0/LUtsdKUqFeD25

AteraAgent.exe

Remote address:

99.84.9.89:443

Request

GET /agentpackagesnet45/AgentPackageAgentInformation/39.1/AgentPackageAgentInformation.zip?LAU3TqgOSi3KaLyA8w/WYl3y7X24dv7fku8xT94/WP7BWjrZg0/LUtsdKUqFeD25 HTTP/1.1
Host: ps.atera.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: application/x-zip-compressed
Content-Length: 392569
Connection: keep-alive
Content-MD5: 9vKXxwT09ME9UPlx2uo7Vg==
Last-Modified: Sun, 26 Jan 2025 15:00:25 GMT
ETag: 0x8DD3E1A2A3316C5
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 1d212b79-901e-0050-0619-7cbf9a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 13 Feb 2025 00:08:56 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 25de4127038159040c9b8bcb29fd32bc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR62-C2
X-Amz-Cf-Id: PhEugS0S9kYbtk-V7QQj6W7E2dfzzsYcrjOjAiZV9gV6cY0W-2c-eA==
Age: 53733
DNS

agent-api.atera.com

AgentPackageAgentInformation.exe

Remote address:

8.8.8.8:53

Request

agent-api.atera.com

IN A

Response

agent-api.atera.com

IN CNAME

agentsapi.trafficmanager.net

agentsapi.trafficmanager.net

IN CNAME

atera-agent-api-eu.westeurope.cloudapp.azure.com

atera-agent-api-eu.westeurope.cloudapp.azure.com

IN A

40.119.152.241
POST

https://agent-api.atera.com/Production/Agent/CommandResult

AgentPackageAgentInformation.exe

Remote address:

40.119.152.241:443

Request

POST /Production/Agent/CommandResult HTTP/1.1
X-PackageName: AgentPackageAgentInformation
X-PackageVersion: 39.1.0.0
X-AccountId: 001Q300000QLiNHIA1
Content-Type: application/json
Host: agent-api.atera.com
Content-Length: 456
Expect: 100-continue
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 13 Feb 2025 15:04:35 GMT
Content-Length: 0
Connection: keep-alive
Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
DNS

msedge.api.cdp.microsoft.com

Remote address:

8.8.8.8:53

Request

msedge.api.cdp.microsoft.com

IN A

Response

msedge.api.cdp.microsoft.com

IN CNAME

api.cdp.microsoft.com

api.cdp.microsoft.com

IN CNAME

glb.api.prod.dcat.dsp.trafficmanager.net

glb.api.prod.dcat.dsp.trafficmanager.net

IN A

4.155.164.36
DNS

msedge.api.cdp.microsoft.com

Remote address:

8.8.8.8:53

Request

msedge.api.cdp.microsoft.com

IN A
POST

https://msedge.api.cdp.microsoft.com/api/v2/contents/Browser/namespaces/Default/names?action=batchupdates

Remote address:

4.155.164.36:443

Request

POST /api/v2/contents/Browser/namespaces/Default/names?action=batchupdates HTTP/2.0
host: msedge.api.cdp.microsoft.com
cache-control: no-cache
pragma: no-cache
content-type: application/json
user-agent: Microsoft Edge Update/1.3.195.43;winhttp
x-old-uid: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=-1; cnt=2
ms-correlationid: {366A438D-BC6B-4DA8-936D-6AF400A013BE}
ms-requestid: {C4069554-C605-4DBA-BF03-8FE4D10A4E05}
ms-cv: jUNqNmu8qE2TbWr0AKATvg.0
x-last-hr: 0x0
x-last-http-status-code: 0
x-retry-count: 0
x-http-attempts: 1
content-length: 2540

Response

HTTP/2.0 200

content-type: text/plain; charset=utf-8
content-type: application/json; charset=utf-8
date: Thu, 13 Feb 2025 15:04:51 GMT
content-length: 296
ms-correlationid: 366a438d-bc6b-4da8-936d-6af400a013be
ms-requestid: c4069554-c605-4dba-bf03-8fe4d10a4e05
ms-cv: {366A438D-BC6B-4DA8-936D-6AF400A013BE}.0
POST

https://msedge.api.cdp.microsoft.com/api/v1.1/internal/contents/Browser/namespaces/Default/names/msedge-stable-win-x64/versions/133.0.3065.59/files?action=GenerateDownloadInfo&foregroundPriority=false

Remote address:

4.155.164.36:443

Request

POST /api/v1.1/internal/contents/Browser/namespaces/Default/names/msedge-stable-win-x64/versions/133.0.3065.59/files?action=GenerateDownloadInfo&foregroundPriority=false HTTP/2.0
host: msedge.api.cdp.microsoft.com
cache-control: no-cache
pragma: no-cache
content-type: application/json
user-agent: Microsoft Edge Update/1.3.195.43;winhttp
x-old-uid: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=-1; cnt=2
ms-correlationid: {366A438D-BC6B-4DA8-936D-6AF400A013BE}
ms-requestid: {6E0CEA1B-984B-4C74-B643-E6119815341C}
ms-cv: jUNqNmu8qE2TbWr0AKATvg.1
x-last-hr: 0x0
x-last-http-status-code: 0
x-retry-count: 0
x-http-attempts: 1
content-length: 2

Response

HTTP/2.0 200

content-type: text/plain; charset=utf-8
content-type: application/json; charset=utf-8
date: Thu, 13 Feb 2025 15:04:51 GMT
content-length: 5358
ms-correlationid: 366a438d-bc6b-4da8-936d-6af400a013be
ms-requestid: 6e0cea1b-984b-4c74-b643-e6119815341c
ms-cv: {366A438D-BC6B-4DA8-936D-6AF400A013BE}.0
POST

https://msedge.api.cdp.microsoft.com/api/v1.1/internal/contents/Browser/namespaces/Default/names/msedgewebview-stable-win-x64/versions/133.0.3065.59/files?action=GenerateDownloadInfo&foregroundPriority=false

Remote address:

4.155.164.36:443

Request

POST /api/v1.1/internal/contents/Browser/namespaces/Default/names/msedgewebview-stable-win-x64/versions/133.0.3065.59/files?action=GenerateDownloadInfo&foregroundPriority=false HTTP/2.0
host: msedge.api.cdp.microsoft.com
cache-control: no-cache
pragma: no-cache
content-type: application/json
user-agent: Microsoft Edge Update/1.3.195.43;winhttp
x-old-uid: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
ms-correlationid: {366A438D-BC6B-4DA8-936D-6AF400A013BE}
ms-requestid: {E04A90A4-185F-4799-9462-A25F1DEF549E}
ms-cv: jUNqNmu8qE2TbWr0AKATvg.2
x-last-hr: 0x0
x-last-http-status-code: 0
x-retry-count: 0
x-http-attempts: 1
content-length: 2

Response

HTTP/2.0 200

content-type: text/plain; charset=utf-8
content-type: application/json; charset=utf-8
date: Thu, 13 Feb 2025 15:04:52 GMT
content-length: 5338
ms-correlationid: 366a438d-bc6b-4da8-936d-6af400a013be
ms-requestid: e04a90a4-185f-4799-9462-a25f1def549e
ms-cv: {366A438D-BC6B-4DA8-936D-6AF400A013BE}.0
DNS

msedge.b.tlu.dl.delivery.mp.microsoft.com

Remote address:

8.8.8.8:53

Request

msedge.b.tlu.dl.delivery.mp.microsoft.com

IN A

Response

msedge.b.tlu.dl.delivery.mp.microsoft.com

IN CNAME

star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

IN CNAME

cdp-f-tlu-net.trafficmanager.net

cdp-f-tlu-net.trafficmanager.net

IN CNAME

fg.microsoft.map.fastly.net

fg.microsoft.map.fastly.net

IN A

199.232.214.172

fg.microsoft.map.fastly.net

IN A

199.232.210.172
HEAD

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

HEAD /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 178604088
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:04:57 GMT
Via: 1.1 varnish
Age: 296324
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 47776
X-Timer: S1739459098.809883,VS0,VE0
X-CID: 3
X-CCC: GB
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=0-1119
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 1120
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:04:57 GMT
Via: 1.1 varnish
Age: 296324
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 47777
X-Timer: S1739459098.934565,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 0-1119/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=1120-2916
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 1797
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:05:01 GMT
Via: 1.1 varnish
Age: 296328
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 47778
X-Timer: S1739459101.276536,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 1120-2916/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=2917-5620
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 2704
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:05:02 GMT
Via: 1.1 varnish
Age: 296329
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 47779
X-Timer: S1739459102.278415,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 2917-5620/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=5621-15764
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 10144
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:05:03 GMT
Via: 1.1 varnish
Age: 296330
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 47780
X-Timer: S1739459103.269482,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 5621-15764/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=15765-37295
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 21531
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:05:04 GMT
Via: 1.1 varnish
Age: 296331
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 47781
X-Timer: S1739459104.382267,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 15765-37295/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=37296-82227
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 44932
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:05:05 GMT
Via: 1.1 varnish
Age: 296332
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 47782
X-Timer: S1739459105.415295,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 37296-82227/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=82228-172826
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 90599
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:05:06 GMT
Via: 1.1 varnish
Age: 296333
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 47783
X-Timer: S1739459106.493731,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 82228-172826/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=172827-355381
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 182555
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:05:07 GMT
Via: 1.1 varnish
Age: 296334
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 47784
X-Timer: S1739459108.557074,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 172827-355381/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=355382-721807
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 366426
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:05:08 GMT
Via: 1.1 varnish
Age: 296335
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 47785
X-Timer: S1739459109.610031,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 355382-721807/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=721808-1442638
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 720831
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:05:09 GMT
Via: 1.1 varnish
Age: 296336
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 47786
X-Timer: S1739459110.656248,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 721808-1442638/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=1442639-2187483
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 744845
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:05:10 GMT
Via: 1.1 varnish
Age: 296337
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 47787
X-Timer: S1739459111.716474,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 1442639-2187483/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=2187484-3726877
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 1539394
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:05:11 GMT
Via: 1.1 varnish
Age: 296543
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 28858
X-Timer: S1739459112.792476,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 2187484-3726877/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=3726878-4637636
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 910759
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:05:12 GMT
Via: 1.1 varnish
Age: 296544
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 28859
X-Timer: S1739459113.854792,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 3726878-4637636/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=4637637-5324018
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 686382
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:05:20 GMT
Via: 1.1 varnish
Age: 296542
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 27803
X-Timer: S1739459121.710951,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 4637637-5324018/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=5324019-5802355
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 478337
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:05:26 GMT
Via: 1.1 varnish
Age: 296548
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 27809
X-Timer: S1739459127.718390,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 5324019-5802355/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=5802356-6154387
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 352032
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:05:29 GMT
Via: 1.1 varnish
Age: 296550
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 27810
X-Timer: S1739459129.343029,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 5802356-6154387/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=6154388-6539646
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 385259
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:05:30 GMT
Via: 1.1 varnish
Age: 296306
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 26821
X-Timer: S1739459130.367830,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 6154388-6539646/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=6539647-7069681
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 530035
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:05:31 GMT
Via: 1.1 varnish
Age: 296307
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 26822
X-Timer: S1739459131.399727,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 6539647-7069681/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=7069682-7690033
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 620352
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:05:32 GMT
Via: 1.1 varnish
Age: 296308
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 26823
X-Timer: S1739459133.710383,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 7069682-7690033/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=7690034-8217644
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 527611
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:05:33 GMT
Via: 1.1 varnish
Age: 296310
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 26824
X-Timer: S1739459134.822155,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 7690034-8217644/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=8217645-8597940
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 380296
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:05:38 GMT
Via: 1.1 varnish
Age: 296308
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 25533
X-Timer: S1739459139.768025,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 8217645-8597940/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=8597941-8876194
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 278254
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:05:42 GMT
Via: 1.1 varnish
Age: 296311
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 25536
X-Timer: S1739459142.091161,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 8597941-8876194/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=8876195-9114921
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 238727
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:05:43 GMT
Via: 1.1 varnish
Age: 296312
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 25537
X-Timer: S1739459143.121327,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 8876195-9114921/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=9114922-9287475
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 172554
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:05:46 GMT
Via: 1.1 varnish
Age: 296315
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 25538
X-Timer: S1739459147.650268,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 9114922-9287475/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=9287476-9417817
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 130342
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:05:48 GMT
Via: 1.1 varnish
Age: 296318
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 25539
X-Timer: S1739459149.759127,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 9287476-9417817/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=9417818-9523939
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 106122
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:05:50 GMT
Via: 1.1 varnish
Age: 296319
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 25540
X-Timer: S1739459150.074432,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 9417818-9523939/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=9523940-9639327
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 115388
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:05:51 GMT
Via: 1.1 varnish
Age: 296320
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 25541
X-Timer: S1739459151.087291,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 9523940-9639327/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=9639328-9765120
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 125793
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:05:52 GMT
Via: 1.1 varnish
Age: 296321
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 25543
X-Timer: S1739459152.103385,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 9639328-9765120/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=9765121-9871267
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 106147
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:05:53 GMT
Via: 1.1 varnish
Age: 296322
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 25544
X-Timer: S1739459153.239658,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 9765121-9871267/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=9871268-9976044
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 104777
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:05:54 GMT
Via: 1.1 varnish
Age: 296323
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 25545
X-Timer: S1739459154.270289,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 9871268-9976044/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=9976045-10072232
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 96188
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:05:55 GMT
Via: 1.1 varnish
Age: 296324
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 25546
X-Timer: S1739459156.538774,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 9976045-10072232/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=10072233-10159470
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 87238
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:05:56 GMT
Via: 1.1 varnish
Age: 291906
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 24825
X-Timer: S1739459156.370715,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 10072233-10159470/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=10159471-10240997
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 81527
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:05:57 GMT
Via: 1.1 varnish
Age: 291907
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 24826
X-Timer: S1739459157.368029,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 10159471-10240997/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=10240998-10314435
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 73438
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:05:59 GMT
Via: 1.1 varnish
Age: 291909
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 24827
X-Timer: S1739459160.991932,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 10240998-10314435/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=10314436-10372498
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 58063
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:06:01 GMT
Via: 1.1 varnish
Age: 291911
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 24828
X-Timer: S1739459161.379925,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 10314436-10372498/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=10372499-10492077
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 119579
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:06:02 GMT
Via: 1.1 varnish
Age: 291912
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 24829
X-Timer: S1739459163.976304,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 10372499-10492077/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=10492078-10668298
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 176221
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:06:03 GMT
Via: 1.1 varnish
Age: 291913
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 24830
X-Timer: S1739459163.399264,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 10492078-10668298/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=10668299-10830076
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 161778
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:06:04 GMT
Via: 1.1 varnish
Age: 291914
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 24831
X-Timer: S1739459164.415483,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 10668299-10830076/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=10830077-10966228
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 136152
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:06:05 GMT
Via: 1.1 varnish
Age: 291915
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 24832
X-Timer: S1739459166.668313,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 10830077-10966228/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=10966229-11087715
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 121487
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:06:06 GMT
Via: 1.1 varnish
Age: 291916
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 24833
X-Timer: S1739459167.687129,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 10966229-11087715/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=11087716-11190910
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 103195
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:06:07 GMT
Via: 1.1 varnish
Age: 291917
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 24834
X-Timer: S1739459168.767546,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 11087716-11190910/178604088
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

Remote address:

199.232.214.172:80

Request

GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
Range: bytes=11190911-11271382
User-Agent: Microsoft BITS/7.8
X-Old-UID: {67315C04-7D4F-4C34-A5ED-280FF30C343F}; age=0; cnt=2
X-Last-HR: 0x80070422
X-Last-HTTP-Status-Code: 500
X-Retry-Count: 0
X-HTTP-Attempts: 2
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 80472
Cache-Control: public, max-age=17280000
Content-Type: application/octet-stream
MS-CorrelationId: bca99da9-4533-48de-9915-2116a3a8b393
MS-RequestId: 1a28825d-7e68-4417-a360-3d8f3579d4b7
MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.1.0
Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
Accept-Ranges: bytes
Date: Thu, 13 Feb 2025 15:06:09 GMT
Via: 1.1 varnish
Age: 291919
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 24835
X-Timer: S1739459170.866743,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 11190911-11271382/178604088
GET

http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?9d9396f9e03fee4f

Remote address:

199.232.210.172:80

Request

GET /msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?9d9396f9e03fee4f HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Fri, 02 Jun 2017 17:39:05 GMT
If-None-Match: "80424021c7dbd21:0"
User-Agent: Microsoft-CryptoAPI/10.0
Host: ctldl.windowsupdate.com

Response

HTTP/1.1 304 Not Modified

Connection: keep-alive
Date: Thu, 13 Feb 2025 15:05:15 GMT
Via: 1.1 varnish
X-Varnish: 3386083912
Cache-Control: public,max-age=900
ETag: "80424021c7dbd21:0"
Age: 297
POST

https://agent-api.atera.com/Production/Agent/AcknowledgeCommands

AteraAgent.exe

Remote address:

40.119.152.241:443

Request

POST /Production/Agent/AcknowledgeCommands HTTP/1.1
Content-Type: application/json
Host: agent-api.atera.com
Content-Length: 104
Connection: Close

Response

HTTP/1.1 200 OK

Date: Thu, 13 Feb 2025 15:05:59 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc
DNS

agent-api.atera.com

AgentPackageAgentInformation.exe

Remote address:

8.8.8.8:53

Request

agent-api.atera.com

IN A

Response

agent-api.atera.com

IN CNAME

agentsapi.trafficmanager.net

agentsapi.trafficmanager.net

IN CNAME

atera-agent-api-eu.westeurope.cloudapp.azure.com

atera-agent-api-eu.westeurope.cloudapp.azure.com

IN A

40.119.152.241
DNS

agent-api.atera.com

AgentPackageAgentInformation.exe

Remote address:

8.8.8.8:53

Request

agent-api.atera.com

IN A
DNS

agent-api.atera.com

AgentPackageAgentInformation.exe

Remote address:

8.8.8.8:53

Request

agent-api.atera.com

IN A
POST

https://agent-api.atera.com/Production/Agent/CommandResult

AgentPackageAgentInformation.exe

Remote address:

40.119.152.241:443

Request

POST /Production/Agent/CommandResult HTTP/1.1
X-PackageName: AgentPackageAgentInformation
X-PackageVersion: 39.1.0.0
X-AccountId: 001Q300000QLiNHIA1
Content-Type: application/json
Host: agent-api.atera.com
Content-Length: 456
Expect: 100-continue
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 13 Feb 2025 15:06:11 GMT
Content-Length: 0
Connection: keep-alive
Request-Context: appId=cid-v1:dab78164-68e3-479b-97e3-bbc6914c52dc

150.171.28.10:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c6c481e1f5e14c87a00e68fcadab916e&localId=w:41DB1DC1-977A-8BD5-2560-B615C7BC3215&deviceId=6966574999063966&anid=

tls, http2

2.7kB
12.7kB
27
22

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c6c481e1f5e14c87a00e68fcadab916e&localId=w:41DB1DC1-977A-8BD5-2560-B615C7BC3215&deviceId=6966574999063966&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=c6c481e1f5e14c87a00e68fcadab916e&localId=w:41DB1DC1-977A-8BD5-2560-B615C7BC3215&deviceId=6966574999063966&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c6c481e1f5e14c87a00e68fcadab916e&localId=w:41DB1DC1-977A-8BD5-2560-B615C7BC3215&deviceId=6966574999063966&anid=

HTTP Response

204
104.86.111.66:443

https://www.bing.com/th?id=OADD2.10239414284817_1UVYYSBXC4CID8KBL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90

tls, http2

1.5kB
7.3kB
17
14

HTTP Request

GET https://www.bing.com/th?id=OADD2.10239414284817_1UVYYSBXC4CID8KBL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90

HTTP Response

200
40.119.152.241:443

https://agent-api.atera.com/Production/Agent/track-event

tls, http

rundll32.exe

1.4kB
5.5kB
10
9

HTTP Request

POST https://agent-api.atera.com/Production/Agent/track-event

HTTP Response

400
40.119.152.241:443

https://agent-api.atera.com/Production/Agent/GetCommands

tls, http

AteraAgent.exe

2.3kB
5.9kB
16
14

HTTP Request

POST https://agent-api.atera.com/Production/Agent/GetEnvironmentStatus

HTTP Response

200

HTTP Request

POST https://agent-api.atera.com/Production/Agent/GetCommands

HTTP Response

204
40.119.152.241:443

https://agent-api.atera.com/Production/Agent/track-event

tls, http

rundll32.exe

1.1kB
5.5kB
9
9

HTTP Request

POST https://agent-api.atera.com/Production/Agent/track-event

HTTP Response

400
40.119.152.241:443

https://agent-api.atera.com/Production/Agent/AgentStarting

tls, http

AteraAgent.exe

2.6kB
31.1kB
30
34

HTTP Request

POST https://agent-api.atera.com/Production/Agent/GetRecurringPackages

HTTP Response

200

HTTP Request

POST https://agent-api.atera.com/Production/Agent/AgentStarting

HTTP Response

200
35.157.63.227:443

https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=3299ff41-fc68-4823-8d88-86318ab4ffe8&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5

tls, http

AteraAgent.exe

3.8kB
8.7kB
28
24

HTTP Request

GET https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=a76f0fa3-8ab5-4e13-8322-348989c8a90f&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5

HTTP Response

200

HTTP Request

GET https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=f24c7115-76f1-4a70-aa73-279f880dee32&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5

HTTP Response

200

HTTP Request

GET https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=a7a271d7-4432-48e0-a3bf-9855b8265bcf&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5

HTTP Response

200

HTTP Request

GET https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=a7495724-a05d-4d92-ba40-571a2e521237&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5

HTTP Request

GET https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/76cdd8c2-5883-4748-8512-4202bfa641c5/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=d9767446-9f3c-40a9-afd5-d68b1e64fead&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6549575f-8ffd-40fb-a4a4-8f49d653669b&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5

HTTP Response

200

HTTP Request

GET https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=3299ff41-fc68-4823-8d88-86318ab4ffe8&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5

HTTP Response

200
35.157.63.227:443

https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/76cdd8c2-5883-4748-8512-4202bfa641c5/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=95c2cfe1-ee09-4756-a369-270c57ca747a&tr=41&tt=17394591581114166&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5

tls, http

AteraAgent.exe

3.4kB
11.6kB
24
26

HTTP Request

GET https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/76cdd8c2-5883-4748-8512-4202bfa641c5/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=7cc9d869-6654-4b9a-9d8b-32d3ef2abdab&tt=0&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5

HTTP Response

200

HTTP Request

GET https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/76cdd8c2-5883-4748-8512-4202bfa641c5/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=73e58624-eec2-45f2-a6ed-29a661a06835&tr=41&tt=17394590658709246&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5

HTTP Response

200

HTTP Request

GET https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/76cdd8c2-5883-4748-8512-4202bfa641c5/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=505518b5-36b0-4cb4-997d-35e47435ea8f&tr=41&tt=17394590689362428&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5

HTTP Response

200

HTTP Request

GET https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/76cdd8c2-5883-4748-8512-4202bfa641c5/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=38adeab7-835a-489d-8f2c-cc134f2b12a9&tr=41&tt=17394590689362428&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5

HTTP Response

200

HTTP Request

GET https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/76cdd8c2-5883-4748-8512-4202bfa641c5/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=95c2cfe1-ee09-4756-a369-270c57ca747a&tr=41&tt=17394591581114166&uuid=76cdd8c2-5883-4748-8512-4202bfa641c5
40.119.152.241:443

https://agent-api.atera.com/Production/Agent/AcknowledgeCommands

tls, http

AteraAgent.exe

1.2kB
5.6kB
13
12

HTTP Request

POST https://agent-api.atera.com/Production/Agent/AcknowledgeCommands

HTTP Response

200
99.84.9.89:443

https://ps.atera.com/agentpackagesnet45/AgentPackageAgentInformation/39.1/AgentPackageAgentInformation.zip?LAU3TqgOSi3KaLyA8w/WYl3y7X24dv7fku8xT94/WP7BWjrZg0/LUtsdKUqFeD25

tls, http

AteraAgent.exe

7.7kB
410.4kB
157
300

HTTP Request

GET https://ps.atera.com/agentpackagesnet45/AgentPackageAgentInformation/39.1/AgentPackageAgentInformation.zip?LAU3TqgOSi3KaLyA8w/WYl3y7X24dv7fku8xT94/WP7BWjrZg0/LUtsdKUqFeD25

HTTP Response

200
40.119.152.241:443

https://agent-api.atera.com/Production/Agent/CommandResult

tls, http

AgentPackageAgentInformation.exe

1.8kB
5.5kB
11
9

HTTP Request

POST https://agent-api.atera.com/Production/Agent/CommandResult

HTTP Response

200
4.155.164.36:443

https://msedge.api.cdp.microsoft.com/api/v1.1/internal/contents/Browser/namespaces/Default/names/msedgewebview-stable-win-x64/versions/133.0.3065.59/files?action=GenerateDownloadInfo&foregroundPriority=false

tls, http2

5.7kB
17.5kB
28
24

HTTP Request

POST https://msedge.api.cdp.microsoft.com/api/v2/contents/Browser/namespaces/Default/names?action=batchupdates

HTTP Response

200

HTTP Request

POST https://msedge.api.cdp.microsoft.com/api/v1.1/internal/contents/Browser/namespaces/Default/names/msedge-stable-win-x64/versions/133.0.3065.59/files?action=GenerateDownloadInfo&foregroundPriority=false

HTTP Response

200

HTTP Request

POST https://msedge.api.cdp.microsoft.com/api/v1.1/internal/contents/Browser/namespaces/Default/names/msedgewebview-stable-win-x64/versions/133.0.3065.59/files?action=GenerateDownloadInfo&foregroundPriority=false

HTTP Response

200
199.232.214.172:80

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

http

274.3kB
11.6MB
4921
8364

HTTP Request

HEAD http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

200

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740063892&P2=404&P3=2&P4=aHsLzUUaqkYauOFLURhJTA7x8HzZ4IR1OZsE4Gnff9QxKsxEkXbMusZf1hQQSbpFnmZCNCapzyh%2bHHGgZua8mg%3d%3d

HTTP Response

206
199.232.210.172:80

http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?9d9396f9e03fee4f

http

754 B
658 B
10
6

HTTP Request

GET http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?9d9396f9e03fee4f

HTTP Response

304
40.119.152.241:443

https://agent-api.atera.com/Production/Agent/AcknowledgeCommands

tls, http

AteraAgent.exe

1.7kB
5.9kB
14
12

HTTP Request

POST https://agent-api.atera.com/Production/Agent/AcknowledgeCommands

HTTP Response

200
40.119.152.241:443

https://agent-api.atera.com/Production/Agent/CommandResult

tls, http

AgentPackageAgentInformation.exe

2.7kB
6.1kB
18
12

HTTP Request

POST https://agent-api.atera.com/Production/Agent/CommandResult

HTTP Response

200

8.8.8.8:53

g.bing.com

dns

168 B
148 B
3
1

DNS Request

g.bing.com

DNS Request

g.bing.com

DNS Request

g.bing.com

DNS Response

150.171.28.10

150.171.27.10
8.8.8.8:53

agent-api.atera.com

dns

AgentPackageAgentInformation.exe

65 B
182 B
1
1

DNS Request

agent-api.atera.com

DNS Response

40.119.152.241
8.8.8.8:53

ps.pndsn.com

dns

AteraAgent.exe

58 B
90 B
1
1

DNS Request

ps.pndsn.com

DNS Response

35.157.63.227

35.157.63.228
8.8.8.8:53

ps.atera.com

dns

AteraAgent.exe

58 B
165 B
1
1

DNS Request

ps.atera.com

DNS Response

99.84.9.89

99.84.9.5

99.84.9.56

99.84.9.72
8.8.8.8:53

agent-api.atera.com

dns

AgentPackageAgentInformation.exe

65 B
182 B
1
1

DNS Request

agent-api.atera.com

DNS Response

40.119.152.241
8.8.8.8:53

msedge.api.cdp.microsoft.com

dns

148 B
158 B
2
1

DNS Request

msedge.api.cdp.microsoft.com

DNS Request

msedge.api.cdp.microsoft.com

DNS Response

4.155.164.36
8.8.8.8:53

msedge.b.tlu.dl.delivery.mp.microsoft.com

dns

87 B
266 B
1
1

DNS Request

msedge.b.tlu.dl.delivery.mp.microsoft.com

DNS Response

199.232.214.172

199.232.210.172
8.8.8.8:53

agent-api.atera.com

dns

AgentPackageAgentInformation.exe

195 B
182 B
3
1

DNS Request

agent-api.atera.com

DNS Request

agent-api.atera.com

DNS Request

agent-api.atera.com

DNS Response

40.119.152.241

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Installer Packages

T1546.016

Privilege Escalation

Event Triggered Execution

T1546

Installer Packages

T1546.016

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

System Binary Proxy Execution

T1218

Msiexec

T1218.007

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57f8a9.rbs

Filesize
8KB

MD5
b2dd34b0f520a778a970c9845119001d

SHA1
899ea0590427279b617fcd9d985134403ca5f390

SHA256
a101cc51db477a81e0ad03423bc07dbb2a845d3289611782512ba014fd5962bc

SHA512
c6c7a6f01a61a7030b112fd16e987cf89bcee446f7d9b2e733de00d542c2fd618654981e9e4b6069cd85261224735dc183c826d11cdba12303c45c38ac7ce4ca

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Filesize
142KB

MD5
477293f80461713d51a98a24023d45e8

SHA1
e9aa4e6c514ee951665a7cd6f0b4a4c49146241d

SHA256
a96a0ba7998a6956c8073b6eff9306398cc03fb9866e4cabf0810a69bb2a43b2

SHA512
23f3bd44a5fb66be7fea3f7d6440742b657e4050b565c1f8f4684722502d46b68c9e54dcc2486e7de441482fcc6aa4ad54e94b1d73992eb5d070e2a17f35de2f

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config

Filesize
1KB

MD5
b3bb71f9bb4de4236c26578a8fae2dcd

SHA1
1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

SHA256
e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

SHA512
fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll

Filesize
210KB

MD5
c106df1b5b43af3b937ace19d92b42f3

SHA1
7670fc4b6369e3fb705200050618acaa5213637f

SHA256
2b5b7a2afbc88a4f674e1d7836119b57e65fae6863f4be6832c38e08341f2d68

SHA512
616e45e1f15486787418a2b2b8eca50cacac6145d353ff66bf2c13839cd3db6592953bf6feed1469db7ddf2f223416d5651cd013fb32f64dc6c72561ab2449ae

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll

Filesize
693KB

MD5
2c4d25b7fbd1adfd4471052fa482af72

SHA1
fd6cd773d241b581e3c856f9e6cd06cb31a01407

SHA256
2a7a84768cc09a15362878b270371daad9872caacbbeebe7f30c4a7ed6c03ca7

SHA512
f7f94ec00435466db2fb535a490162b906d60a3cfa531a36c4c552183d62d58ccc9a6bb8bbfe39815844b0c3a861d3e1f1178e29dbcb6c09fa2e6ebbb7ab943a

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI

Filesize
12B

MD5
1e065e191e89cc811ff49c96fa8fa5e6

SHA1
bc50ff2a20a8b83683583684fcac640a91689ed4

SHA256
d88faf6d47342587ea5fbcaf2ef88fb403f7fcdc08fcab67d4f4f381c237a61e

SHA512
5a710e168316c30ca10f7b126e870621f46cca6200e206a9984d144abd11fea045bc475599b18597bbed1e4f00e832d94576837f643b22ffaee56871629290dd

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe

Filesize
247KB

MD5
aa5cf64d575b7544eefd77f256c4dc57

SHA1
bd23989db4f9af0aae34d032e817d802c06ca5a9

SHA256
79c5afd94d0ffa3519a90e691a6d47f9c2eec93277f7d369aa34e64b171fc920

SHA512
774aeb5188c536d556a8c7a0cd3dfd9ab22d7bc0ad13353d11c9153232585da352552a69eb967a741372a99db490df355a5a47696b2ea446582c834c963cfeff

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config

Filesize
546B

MD5
158fb7d9323c6ce69d4fce11486a40a1

SHA1
29ab26f5728f6ba6f0e5636bf47149bd9851f532

SHA256
5e38ef232f42f9b0474f8ce937a478200f7a8926b90e45cb375ffda339ec3c21

SHA512
7eefcc5e65ab4110655e71bc282587e88242c15292d9c670885f0daae30fa19a4b059390eb8e934607b8b14105e3e25d7c5c1b926b6f93bdd40cbd284aaa3ceb

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll

Filesize
94KB

MD5
c69c7690482c75a8fc70df2990d7afc6

SHA1
79d72d32a03151823bbf0953d5c2ce6bc2bde4b1

SHA256
580415595e5936d5f3945e9eeee63f6f4dbacd327aa46e2b7625b638715c27f5

SHA512
ed80ade3519345552ca74958efc9c122de840d2844baa08c94400f15168b6fc25377628a55ed12488ea790aaa40bc5bb77b6586de4f1ecd296902bbe36fba4f4

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll

Filesize
688KB

MD5
111e2e63bccead95bb5ffc53c9282070

SHA1
eaae7df21e291aa089bc101b1e265ca202be1225

SHA256
9615fe5fe63c48b13ffd8c9bc76170a9ed1cfea6a3d0901e857a1c6c6edaea76

SHA512
ffc818615fb30e24633c90b8f5a55c100b5f307414ec54e5a2914bb4ea36d3fb3aa6ed0e5815976a2f6d1b7f056e7da1f108a8eed81b458decebe721ad30b920

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll

Filesize
588KB

MD5
17d74c03b6bcbcd88b46fcc58fc79a0d

SHA1
bc0316e11c119806907c058d62513eb8ce32288c

SHA256
13774cc16c1254752ea801538bfb9a9d1328f8b4dd3ff41760ac492a245fbb15

SHA512
f1457a8596a4d4f9b98a7dcb79f79885fa28bd7fc09a606ad3cd6f37d732ec7e334a64458e51e65d839ddfcdf20b8b5676267aa8ced0080e8cf81a1b2291f030

Download Submit
C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt

Filesize
216B

MD5
1bc34d81b8d1f506e32bc8884677af86

SHA1
6b7540427339458b4fda04ef03325f7791cda2b4

SHA256
c2a69f1c2920b07fae0afbfe48fcb5df06484891ff3916b2bf9807d9bc44af44

SHA512
8c904f2b3f6b348ab85e1d597fd54f5849f5403c43986687c9fff34e260c937db54771f4db12c326fdd5e651aa9b9777f252137d81a3b53d0c7fb2e72c4ceb64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_93E8F0A6DF0B1F1414474691911362FC

Filesize
727B

MD5
ff4bea733300a11e3e608f049fe3d1be

SHA1
f30f2cb00f0c4f42ce560aba80fe896bfb410e31

SHA256
4aa049e2d89cd8ba71f721f30482b808cf1045c40eae743df2c3bc56ecc252db

SHA512
aaa1d2c698e26fa077952d4ce6899dd80cab612bfd41947e2e778742c5dc0e63f197f8be5f5834072e8f675922f9e642a8126e89b59b5cb566f13b39322845aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_93E8F0A6DF0B1F1414474691911362FC

Filesize
412B

MD5
bbd3ecb60f4f762e1123393dc1006a90

SHA1
70245cbce4fd381474849bfbc32069afeabb2770

SHA256
869f68b5faae282a15e05fba4713fbab034a4369eee03cd7867615c32d722f94

SHA512
9835c87fb398fbad0040e3aad002d7eb3eeb3fa5e55b824b307577fc4cad1d8db076b3b3fcd46f0fc8afa6c8d9d675ecf07ce75f26d44359eaf116a0d4a2cb2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log

Filesize
651B

MD5
9bbfe11735bac43a2ed1be18d0655fe2

SHA1
61141928bb248fd6e9cd5084a9db05a9b980fb3a

SHA256
549953bd4fc8acc868a9374ec684ebd9e7b23939adf551016f3433b642697b74

SHA512
a78c52b2ddc057dabf260eeb744b9f55eab3374ad96e1938a291d2b17f204a0d6e1aa02802de75f0b2cd6d156540d2ddee15e889b89d5e619207054df4c1d483

Download Submit
C:\Windows\Installer\MSI69.tmp-\CustomAction.config

Filesize
1KB

MD5
bc17e956cde8dd5425f2b2a68ed919f8

SHA1
5e3736331e9e2f6bf851e3355f31006ccd8caa99

SHA256
e4ff538599c2d8e898d7f90ccf74081192d5afa8040e6b6c180f3aa0f46ad2c5

SHA512
02090daf1d5226b33edaae80263431a7a5b35a2ece97f74f494cc138002211e71498d42c260395ed40aee8e4a40474b395690b8b24e4aee19f0231da7377a940

Download Submit
C:\Windows\Installer\MSI69.tmp-\Newtonsoft.Json.dll

Filesize
695KB

MD5
715a1fbee4665e99e859eda667fe8034

SHA1
e13c6e4210043c4976dcdc447ea2b32854f70cc6

SHA256
c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

SHA512
bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

Download Submit
C:\Windows\Installer\MSI9F2.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSIF944.tmp

Filesize
509KB

MD5
88d29734f37bdcffd202eafcdd082f9d

SHA1
823b40d05a1cab06b857ed87451bf683fdd56a5e

SHA256
87c97269e2b68898be87b884cd6a21880e6f15336b1194713e12a2db45f1dccf

SHA512
1343ed80dccf0fa4e7ae837b68926619d734bc52785b586a4f4102d205497d2715f951d9acacc8c3e5434a94837820493173040dc90fb7339a34b6f3ef0288d0

Download Submit
C:\Windows\Installer\MSIF944.tmp-\AlphaControlAgentInstallation.dll

Filesize
25KB

MD5
aa1b9c5c685173fad2dabebeb3171f01

SHA1
ed756b1760e563ce888276ff248c734b7dd851fb

SHA256
e44a6582cd3f84f4255d3c230e0a2c284e0cffa0ca5e62e4d749e089555494c7

SHA512
d3bfb4bd7e7fdb7159fbfc14056067c813ce52cdd91e885bdaac36820b5385fb70077bf58ec434d31a5a48245eb62b6794794618c73fe7953f79a4fc26592334

Download Submit
C:\Windows\Installer\MSIF944.tmp-\Microsoft.Deployment.WindowsInstaller.dll

Filesize
179KB

MD5
1a5caea6734fdd07caa514c3f3fb75da

SHA1
f070ac0d91bd337d7952abd1ddf19a737b94510c

SHA256
cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

SHA512
a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

Download Submit
C:\Windows\Installer\e57f8a8.msi

Filesize
2.9MB

MD5
e8b1181705de08e000d887191f399a06

SHA1
1b9db77f4cc5d42bcab04cf6af2ca2069b7754e8

SHA256
a6b86df4bdf042ad8fd4b5662d93b0359bb3e2f747081f7ca31408d5d9e4bda7

SHA512
4f9901b316554d92a1f1d3e79ad860207ff36d226f09d780e89e1104f4b74e4fce6d452e963ff4a75f2c52216f0ab08a828caa2e016e7cae221ce0706ebde82c

Download Submit
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944

Filesize
727B

MD5
a13afbd3934e4e4f1e5386ea92dbbfa8

SHA1
d379fc2001cbb4208a46ea368e34037140394757

SHA256
7942d17029296053b662d7b93d84960d219262b22760637e4b1d010ca625a619

SHA512
88b370509b79cbb797c5717e4ea3b0e930d431f593884cb29f12bf73373ee17f82074c677b580c4498bddb841cc77422bc7b3365cfff105f3679a588fcd4c7fd

Download Submit
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
cce892547d8f789a6499edb004830647

SHA1
0a9922ae4a61e969add17ed20020047781c34d71

SHA256
51b4d2f5fb0e185f3aee601c4d0d47073803d188856885d6ade3ad70595278ed

SHA512
f63cb605c9054198f7b267826dcb393b2c9f18b3d35113c1c3d844f42db1e1d5e1d121b728d0e48548207e3dc232c2a8f669a10f42bda2961477247db69859ac

Download Submit
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944

Filesize
404B

MD5
6bd1f94cf28fe87f5b4f3c04d748a3c3

SHA1
5da2ad83ca5fd2df6d709a70fd8914a5b4429a7b

SHA256
9c118dc087e82d88eeebf81dfd2a190873e954a3834fb2ad329d75104ae131b0

SHA512
e7063da48c3c92b422d45778dc90f784855b37f6e58199bd66b4895dd48f188a876003ed202635766f800f967a3896d0013431bd6440b6ae6da4dad212cc26f0

Download Submit
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
412B

MD5
ca47dfdee6eb43d812522dcbbb7f8cdb

SHA1
b438ad55835a9bd19ff0bb48d802922580520875

SHA256
c92f5636a1336acf19b32933b3a29e68319ad6bf4d7439a68d3584e7cde2fedd

SHA512
b2b90a41925d2bdca3deedcd7b7948c992ebc667f329a8385d9cf440e725f04555bb0d50d28fd20aa9ffb8f1ba62d5bd2a76668b93df1c7b842e1f473f304df4

Download Submit
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log

Filesize
1KB

MD5
9cad061ddf5ad182cfe7879190aeed71

SHA1
cfd292d16d937f95b642527464403b7e5ef6af96

SHA256
b2d273fa926ebf6946e69e8808ad332db42bc65f449748082e088aa732e408ca

SHA512
df517d66358f441a7c4c690cd90e214f18d490e3de767dd76164effaa179b1dd865a0056d68ce3ab6aee55917465c7f39146e7694b1ac475fcc95c280fb29e92

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
24.1MB

MD5
8196cd1132dbcf1dd9c710ba85ddb0c1

SHA1
f564f8983ef55f47a743a323d86e1d4d88603724

SHA256
c687c93bb53531ce6164dde2d6ef9f26106582b78192a52df2e4c068b60d75bb

SHA512
1e16016d3ffdac4883f1990704e8a80c1ae5dfc8c21b9885461737d5cf66fa6648eb7275926da430527a1de743a08ac660c10820b04ca97381d799f779edf645

Download Submit
\??\Volume{182951f1-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{f377e8a0-946f-40fd-a1c0-724c47434dfd}_OnDiskSnapshotProp

Filesize
6KB

MD5
994f87ed7530f70a7ff0fd3e0bfdde4e

SHA1
d2edb03b7c7105f59378486e99da281f0ad2d915

SHA256
f83afd522e976ca44712e025de96209921efa53f39c5373cab6aff979fcb23e4

SHA512
e890cf4e9e14c1ea5b50bdd21caf7c57f6d7af946aa7c6c422c24698bc3a5b2b337f8eea0152a72a93d1c0c5157627b33eac02ca9d883fe1a66b8c6c94829fe1

Download Submit
memory/1268-196-0x000001C456DE0000-0x000001C456E92000-memory.dmp

Filesize
712KB

Download
memory/1268-198-0x000001C43D220000-0x000001C43D242000-memory.dmp

Filesize
136KB

Download
memory/1268-235-0x000001C4572E0000-0x000001C457318000-memory.dmp

Filesize
224KB

Download
memory/1448-68-0x00000000048E0000-0x0000000004992000-memory.dmp

Filesize
712KB

Download
memory/1448-72-0x00000000049A0000-0x0000000004CF4000-memory.dmp

Filesize
3.3MB

Download
memory/1448-71-0x0000000004850000-0x0000000004872000-memory.dmp

Filesize
136KB

Download
memory/1936-141-0x000001CD1BEF0000-0x000001CD1BF18000-memory.dmp

Filesize
160KB

Download
memory/1936-158-0x000001CD1DB40000-0x000001CD1DB7C000-memory.dmp

Filesize
240KB

Download
memory/1936-153-0x000001CD36590000-0x000001CD36628000-memory.dmp

Filesize
608KB

Download
memory/1936-157-0x000001CD1C300000-0x000001CD1C312000-memory.dmp

Filesize
72KB

Download
memory/3484-269-0x000002D26FF90000-0x000002D26FFAC000-memory.dmp

Filesize
112KB

Download
memory/3484-264-0x000002D26F6F0000-0x000002D26F732000-memory.dmp

Filesize
264KB

Download
memory/3484-267-0x000002D270860000-0x000002D270910000-memory.dmp

Filesize
704KB

Download
memory/4176-103-0x00000000054B0000-0x0000000005516000-memory.dmp

Filesize
408KB

Download
memory/4404-35-0x0000000000F50000-0x0000000000F5C000-memory.dmp

Filesize
48KB

Download
memory/4404-31-0x0000000000F10000-0x0000000000F3E000-memory.dmp

Filesize
184KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response