Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250211-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250211-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/02/2025, 16:22 UTC

General

  • Target

    random.exe

  • Size

    6.3MB

  • MD5

    368e676306818d9266f0d4948e0eb541

  • SHA1

    4d67aef52ca4ff56130990bd789ba99887e8094f

  • SHA256

    3bf45d9e1a4948475d8770f14d50fcf227eb60484f892fab04896e95c16fe8ac

  • SHA512

    d9f0f7ce266411e3493d1c617d6d322beeed05704cd30689cd3e4f95c7f3d47ec2ab0704c17094a94dc4b2059bbd088df77751ed782d3aac06893319bd650d16

  • SSDEEP

    98304:yuDuKIqCMOWkhl9mPIiyZlpVbawv+MqdEjDYPVakdiNV2:5DuK7XOWXDyZlbVoVasiG

Malware Config

Extracted

Family

cryptbot

C2

http://home.fivejj5sr.top/fWukggcxTlVTnBnJjsCp17

Signatures

  • CryptBot

    CryptBot is a C++ stealer that is widely distributed bundled with other software.

  • Cryptbot family
  • Enumerates VirtualBox registry keys 2 TTPs 1 IoCs
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
  • Downloads MZ/PE file 1 IoCs
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\random.exe
    "C:\Users\Admin\AppData\Local\Temp\random.exe"
    1⤵
    • Enumerates VirtualBox registry keys
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:2144
  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping …-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI0IiBpbnN0YWxsZGF0ZXRpbWU9IjE3MzkyODM0MTAiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4Mzc1NTUzNjg2NzAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MzgyMzE0NDExIi8-PC9hcHA-PC9yZXF1ZXN0Pg
    1⤵
    • System Location Discovery: System Language Discovery
    • System Network Configuration Discovery: Internet Connection Discovery
    PID:2820

Network

  • flag-us
    DNS
    httpbin.org
    random.exe
    Remote address:
    8.8.8.8:53
    Request
    httpbin.org
    IN A
    Response
    httpbin.org
    IN A
    3.214.119.249
    httpbin.org
    IN A
    3.208.239.150
  • flag-us
    DNS
    httpbin.org
    random.exe
    Remote address:
    8.8.8.8:53
    Request
    httpbin.org
    IN AAAA
  • flag-us
    DNS
    httpbin.org
    random.exe
    Remote address:
    8.8.8.8:53
    Request
    httpbin.org
    IN A
  • flag-us
    DNS
    httpbin.org
    random.exe
    Remote address:
    8.8.8.8:53
    Request
    httpbin.org
    IN AAAA
  • flag-us
    DNS
    httpbin.org
    random.exe
    Remote address:
    8.8.8.8:53
    Request
    httpbin.org
    IN A
  • flag-us
    DNS
    home.fivejj5sr.top
    random.exe
    Remote address:
    8.8.8.8:53
    Request
    home.fivejj5sr.top
    IN A
    Response
    home.fivejj5sr.top
    IN A
    166.1.36.226
  • flag-us
    DNS
    home.fivejj5sr.top
    random.exe
    Remote address:
    8.8.8.8:53
    Request
    home.fivejj5sr.top
    IN AAAA
  • flag-de
    POST
    http://home.fivejj5sr.top/fWukggcxTlVTnBnJjsCp1739361436
    random.exe
    Remote address:
    166.1.36.226:80
    Request
    POST /fWukggcxTlVTnBnJjsCp1739361436 HTTP/1.1
    Host: home.fivejj5sr.top
    Accept: */*
    Content-Type: application/json
    Content-Length: 487254
    Response
    HTTP/1.0 504 Gateway Time-out
    Cache-Control: no-cache
    Connection: close
    Content-Type: text/html
  • flag-us
    DNS
    home.fivejj5sr.top
    random.exe
    Remote address:
    8.8.8.8:53
    Request
    home.fivejj5sr.top
    IN A
  • flag-us
    DNS
    home.fivejj5sr.top
    random.exe
    Remote address:
    8.8.8.8:53
    Request
    home.fivejj5sr.top
    IN AAAA
  • flag-us
    DNS
    home.fivejj5sr.top
    random.exe
    Remote address:
    8.8.8.8:53
    Request
    home.fivejj5sr.top
    IN A
  • flag-us
    DNS
    home.fivejj5sr.top
    random.exe
    Remote address:
    8.8.8.8:53
    Request
    home.fivejj5sr.top
    IN AAAA
  • flag-us
    DNS
    home.fivejj5sr.top
    random.exe
    Remote address:
    8.8.8.8:53
    Request
    home.fivejj5sr.top
    IN AAAA
  • flag-us
    DNS
    home.fivejj5sr.top
    random.exe
    Remote address:
    8.8.8.8:53
    Request
    home.fivejj5sr.top
    IN A
  • flag-us
    DNS
    msedge.api.cdp.microsoft.com
    Remote address:
    8.8.8.8:53
    Request
    msedge.api.cdp.microsoft.com
    IN A
    Response
    msedge.api.cdp.microsoft.com
    IN CNAME
    api.cdp.microsoft.com
    api.cdp.microsoft.com
    IN CNAME
    glb.api.prod.dcat.dsp.trafficmanager.net
    glb.api.prod.dcat.dsp.trafficmanager.net
    IN A
    4.245.161.190
  • flag-us
    DNS
    msedge.api.cdp.microsoft.com
    Remote address:
    8.8.8.8:53
    Request
    msedge.api.cdp.microsoft.com
    IN A
    Response
    msedge.api.cdp.microsoft.com
    IN CNAME
    api.cdp.microsoft.com
    api.cdp.microsoft.com
    IN CNAME
    glb.api.prod.dcat.dsp.trafficmanager.net
    glb.api.prod.dcat.dsp.trafficmanager.net
    IN A
    4.151.228.221
  • flag-us
    DNS
    msedge.api.cdp.microsoft.com
    Remote address:
    8.8.8.8:53
    Request
    msedge.api.cdp.microsoft.com
    IN A
  • flag-us
    DNS
    home.fivejj5sr.top
    random.exe
    Remote address:
    8.8.8.8:53
    Request
    home.fivejj5sr.top
    IN A
    Response
    home.fivejj5sr.top
    IN A
    166.1.36.226
  • flag-us
    DNS
    home.fivejj5sr.top
    random.exe
    Remote address:
    8.8.8.8:53
    Request
    home.fivejj5sr.top
    IN AAAA
    Response
  • flag-de
    POST
    http://home.fivejj5sr.top/fWukggcxTlVTnBnJjsCp1739361436
    random.exe
    Remote address:
    166.1.36.226:80
    Request
    POST /fWukggcxTlVTnBnJjsCp1739361436 HTTP/1.1
    Host: home.fivejj5sr.top
    Accept: */*
    Content-Type: application/json
    Content-Length: 128
    Response
    HTTP/1.1 502 Bad Gateway
    Server: nginx/1.22.1
    Date: Sat, 15 Feb 2025 16:24:38 GMT
    Content-Type: text/html
    Content-Length: 157
    Connection: close
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388158_1XCR56DJ2GD9T3UQ1&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239339388158_1XCR56DJ2GD9T3UQ1&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 729217
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: BEFDD4302F144ABFB2EB7A3567790D6E Ref B: FRA31EDGE0720 Ref C: 2025-02-15T16:24:48Z
    date: Sat, 15 Feb 2025 16:24:48 GMT
  • flag-ie
    POST
    https://msedge.api.cdp.microsoft.com/api/v2/contents/Browser/namespaces/Default/names?action=batchupdates
    Remote address:
    4.245.161.190:443
    Request
    POST /api/v2/contents/Browser/namespaces/Default/names?action=batchupdates HTTP/2.0
    host: msedge.api.cdp.microsoft.com
    cache-control: no-cache
    pragma: no-cache
    content-type: application/json
    user-agent: Microsoft Edge Update/1.3.195.43;winhttp
    x-old-uid: {0F475DE6-5060-496C-8C23-403CA76BF526}; age=0; cnt=2
    ms-correlationid: {FB75BC8B-4A4E-416E-8577-2DB7E7AEA65D}
    ms-requestid: {0EEFB736-66B2-486D-BF02-E39C0E47D3D1}
    ms-cv: i7x1+05KbkGFdy23566mXQ.0
    x-last-hr: 0x80072f7d
    x-last-http-status-code: 0
    x-retry-count: 0
    x-http-attempts: 2
    content-length: 2538
    Response
    HTTP/2.0 200
    content-type: text/plain; charset=utf-8
    content-type: application/json; charset=utf-8
    date: Sat, 15 Feb 2025 16:24:46 GMT
    content-length: 296
    ms-correlationid: fb75bc8b-4a4e-416e-8577-2db7e7aea65d
    ms-requestid: 0eefb736-66b2-486d-bf02-e39c0e47d3d1
    ms-cv: {FB75BC8B-4A4E-416E-8577-2DB7E7AEA65D}.0
  • flag-ie
    POST
    https://msedge.api.cdp.microsoft.com/api/v1.1/internal/contents/Browser/namespaces/Default/names/msedge-stable-win-x64/versions/133.0.3065.59/files?action=GenerateDownloadInfo&foregroundPriority=false
    Remote address:
    4.245.161.190:443
    Request
    POST /api/v1.1/internal/contents/Browser/namespaces/Default/names/msedge-stable-win-x64/versions/133.0.3065.59/files?action=GenerateDownloadInfo&foregroundPriority=false HTTP/2.0
    host: msedge.api.cdp.microsoft.com
    cache-control: no-cache
    pragma: no-cache
    content-type: application/json
    user-agent: Microsoft Edge Update/1.3.195.43;winhttp
    x-old-uid: {0F475DE6-5060-496C-8C23-403CA76BF526}; age=0; cnt=2
    ms-correlationid: {FB75BC8B-4A4E-416E-8577-2DB7E7AEA65D}
    ms-requestid: {EDF23DB7-A96D-43BF-8C5D-1EA79CA2D9E4}
    ms-cv: i7x1+05KbkGFdy23566mXQ.1
    x-last-hr: 0x0
    x-last-http-status-code: 0
    x-retry-count: 0
    x-http-attempts: 1
    content-length: 2
    Response
    HTTP/2.0 200
    content-type: text/plain; charset=utf-8
    content-type: application/json; charset=utf-8
    date: Sat, 15 Feb 2025 16:24:46 GMT
    content-length: 5338
    ms-correlationid: fb75bc8b-4a4e-416e-8577-2db7e7aea65d
    ms-requestid: edf23db7-a96d-43bf-8c5d-1ea79ca2d9e4
    ms-cv: {FB75BC8B-4A4E-416E-8577-2DB7E7AEA65D}.0
  • flag-ie
    POST
    https://msedge.api.cdp.microsoft.com/api/v1.1/internal/contents/Browser/namespaces/Default/names/msedgewebview-stable-win-x64/versions/133.0.3065.59/files?action=GenerateDownloadInfo&foregroundPriority=false
    Remote address:
    4.245.161.190:443
    Request
    POST /api/v1.1/internal/contents/Browser/namespaces/Default/names/msedgewebview-stable-win-x64/versions/133.0.3065.59/files?action=GenerateDownloadInfo&foregroundPriority=false HTTP/2.0
    host: msedge.api.cdp.microsoft.com
    cache-control: no-cache
    pragma: no-cache
    content-type: application/json
    user-agent: Microsoft Edge Update/1.3.195.43;winhttp
    x-old-uid: {0F475DE6-5060-496C-8C23-403CA76BF526}; age=0; cnt=2
    ms-correlationid: {FB75BC8B-4A4E-416E-8577-2DB7E7AEA65D}
    ms-requestid: {6AFBA64A-E6D2-4775-9A32-E1BC8B979091}
    ms-cv: i7x1+05KbkGFdy23566mXQ.2
    x-last-hr: 0x0
    x-last-http-status-code: 0
    x-retry-count: 0
    x-http-attempts: 1
    content-length: 2
    Response
    HTTP/2.0 200
    content-type: text/plain; charset=utf-8
    content-type: application/json; charset=utf-8
    date: Sat, 15 Feb 2025 16:24:47 GMT
    content-length: 5338
    ms-correlationid: fb75bc8b-4a4e-416e-8577-2db7e7aea65d
    ms-requestid: 6afba64a-e6d2-4775-9a32-e1bc8b979091
    ms-cv: {FB75BC8B-4A4E-416E-8577-2DB7E7AEA65D}.0
  • flag-us
    DNS
    msedge.b.tlu.dl.delivery.mp.microsoft.com
    Remote address:
    8.8.8.8:53
    Request
    msedge.b.tlu.dl.delivery.mp.microsoft.com
    IN A
    Response
    msedge.b.tlu.dl.delivery.mp.microsoft.com
    IN CNAME
    star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com
    star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com
    IN CNAME
    cdp-f-tlu-net.trafficmanager.net
    cdp-f-tlu-net.trafficmanager.net
    IN CNAME
    edge.ds-c7114-microsoft.global.dns.qwilted-cds.cqloud.com
    edge.ds-c7114-microsoft.global.dns.qwilted-cds.cqloud.com
    IN A
    91.80.49.20
    edge.ds-c7114-microsoft.global.dns.qwilted-cds.cqloud.com
    IN A
    91.81.129.182
    edge.ds-c7114-microsoft.global.dns.qwilted-cds.cqloud.com
    IN A
    91.80.49.22
    edge.ds-c7114-microsoft.global.dns.qwilted-cds.cqloud.com
    IN A
    91.80.49.85
    edge.ds-c7114-microsoft.global.dns.qwilted-cds.cqloud.com
    IN A
    91.80.49.86
  • flag-it
    HEAD
    http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d
    Remote address:
    91.80.49.20:80
    Request
    HEAD /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    User-Agent: Microsoft BITS/7.8
    X-Old-UID: {0F475DE6-5060-496C-8C23-403CA76BF526}; age=0; cnt=2
    X-Last-HR: 0x80070422
    X-Last-HTTP-Status-Code: 500
    X-Retry-Count: 0
    X-HTTP-Attempts: 2
    Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
    Response
    HTTP/1.1 200 OK
    Date: Sat, 15 Feb 2025 16:24:52 GMT
    Content-Type: application/octet-stream
    Content-Length: 178604088
    Connection: keep-alive
    Cache-Control: public, max-age=17280000
    X-AspNetMvc-Version: 5.3
    MS-CorrelationId: b7f68eea-eb72-49dc-8a98-06d8579ddfb8
    MS-RequestId: 38e89f31-2058-4f40-a9db-fda0a65f415a
    MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.2.0
    X-AspNet-Version: 4.0.30319
    X-Powered-By: ASP.NET
    X-Powered-By: ARR/3.0
    X-Powered-By: ASP.NET
    Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
    ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
    X-CID: 9
    X-CCC: it
    Ocn-Cache-Status: HIT
    Ocn-Requestid: 10000005f571789a-3024003079-1
    Ocn-Served-By: QLT
    Accept-Ranges: bytes
    Server: Qwilt
    X-OC-Service-Type: lo
  • flag-it
    GET
    http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d
    Remote address:
    91.80.49.20:80
    Request
    GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
    Range: bytes=0-1119
    User-Agent: Microsoft BITS/7.8
    X-Old-UID: {0F475DE6-5060-496C-8C23-403CA76BF526}; age=0; cnt=2
    X-Last-HR: 0x80070422
    X-Last-HTTP-Status-Code: 500
    X-Retry-Count: 0
    X-HTTP-Attempts: 2
    Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
    Response
    HTTP/1.1 206 Partial Content
    Date: Sat, 15 Feb 2025 16:24:52 GMT
    Content-Type: application/octet-stream
    Content-Length: 1120
    Connection: keep-alive
    Cache-Control: public, max-age=17280000
    X-AspNetMvc-Version: 5.3
    MS-CorrelationId: b7f68eea-eb72-49dc-8a98-06d8579ddfb8
    MS-RequestId: 38e89f31-2058-4f40-a9db-fda0a65f415a
    MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.2.0
    X-AspNet-Version: 4.0.30319
    X-Powered-By: ASP.NET
    X-Powered-By: ARR/3.0
    X-Powered-By: ASP.NET
    Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
    ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
    X-CID: 9
    X-CCC: it
    Ocn-Cache-Status: HIT
    Ocn-Requestid: 10000005f5717b1f-3024003079-2
    Ocn-Served-By: QLT
    Content-Range: bytes 0-1119/178604088
    Server: Qwilt
    X-OC-Service-Type: lo
  • flag-it
    GET
    http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d
    Remote address:
    91.80.49.20:80
    Request
    GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
    Range: bytes=1120-2953
    User-Agent: Microsoft BITS/7.8
    X-Old-UID: {0F475DE6-5060-496C-8C23-403CA76BF526}; age=0; cnt=2
    X-Last-HR: 0x80070422
    X-Last-HTTP-Status-Code: 500
    X-Retry-Count: 0
    X-HTTP-Attempts: 2
    Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
    Response
    HTTP/1.1 206 Partial Content
    Date: Sat, 15 Feb 2025 16:24:55 GMT
    Content-Type: application/octet-stream
    Content-Length: 1834
    Connection: keep-alive
    Cache-Control: public, max-age=17280000
    X-AspNetMvc-Version: 5.3
    MS-CorrelationId: b7f68eea-eb72-49dc-8a98-06d8579ddfb8
    MS-RequestId: 38e89f31-2058-4f40-a9db-fda0a65f415a
    MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.2.0
    X-AspNet-Version: 4.0.30319
    X-Powered-By: ASP.NET
    X-Powered-By: ARR/3.0
    X-Powered-By: ASP.NET
    Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
    ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
    X-CID: 9
    X-CCC: it
    Ocn-Cache-Status: HIT
    Ocn-Requestid: 10000005f571cd05-3024003079-3
    Ocn-Served-By: QLT
    Content-Range: bytes 1120-2953/178604088
    Server: Qwilt
    X-OC-Service-Type: lo
  • flag-it
    GET
    http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d
    Remote address:
    91.80.49.20:80
    Request
    GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
    Range: bytes=2954-6443
    User-Agent: Microsoft BITS/7.8
    X-Old-UID: {0F475DE6-5060-496C-8C23-403CA76BF526}; age=0; cnt=2
    X-Last-HR: 0x80070422
    X-Last-HTTP-Status-Code: 500
    X-Retry-Count: 0
    X-HTTP-Attempts: 2
    Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
    Response
    HTTP/1.1 206 Partial Content
    Date: Sat, 15 Feb 2025 16:24:56 GMT
    Content-Type: application/octet-stream
    Content-Length: 3490
    Connection: keep-alive
    Cache-Control: public, max-age=17280000
    X-AspNetMvc-Version: 5.3
    MS-CorrelationId: b7f68eea-eb72-49dc-8a98-06d8579ddfb8
    MS-RequestId: 38e89f31-2058-4f40-a9db-fda0a65f415a
    MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.2.0
    X-AspNet-Version: 4.0.30319
    X-Powered-By: ASP.NET
    X-Powered-By: ARR/3.0
    X-Powered-By: ASP.NET
    Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
    ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
    X-CID: 9
    X-CCC: it
    Ocn-Cache-Status: HIT
    Ocn-Requestid: 10000005f571ed8a-3024003079-4
    Ocn-Served-By: QLT
    Content-Range: bytes 2954-6443/178604088
    Server: Qwilt
    X-OC-Service-Type: lo
  • flag-it
    GET
    http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d
    Remote address:
    91.80.49.20:80
    Request
    GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
    Range: bytes=6444-16570
    User-Agent: Microsoft BITS/7.8
    X-Old-UID: {0F475DE6-5060-496C-8C23-403CA76BF526}; age=0; cnt=2
    X-Last-HR: 0x80070422
    X-Last-HTTP-Status-Code: 500
    X-Retry-Count: 0
    X-HTTP-Attempts: 2
    Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
    Response
    HTTP/1.1 206 Partial Content
    Date: Sat, 15 Feb 2025 16:24:57 GMT
    Content-Type: application/octet-stream
    Content-Length: 10127
    Connection: keep-alive
    Cache-Control: public, max-age=17280000
    X-AspNetMvc-Version: 5.3
    MS-CorrelationId: b7f68eea-eb72-49dc-8a98-06d8579ddfb8
    MS-RequestId: 38e89f31-2058-4f40-a9db-fda0a65f415a
    MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.2.0
    X-AspNet-Version: 4.0.30319
    X-Powered-By: ASP.NET
    X-Powered-By: ARR/3.0
    X-Powered-By: ASP.NET
    Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
    ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
    X-CID: 9
    X-CCC: it
    Ocn-Cache-Status: HIT
    Ocn-Requestid: 10000005f57208b8-3024003079-5
    Ocn-Served-By: QLT
    Content-Range: bytes 6444-16570/178604088
    Server: Qwilt
    X-OC-Service-Type: lo
  • flag-it
    GET
    http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d
    Remote address:
    91.80.49.20:80
    Request
    GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
    Range: bytes=16571-38096
    User-Agent: Microsoft BITS/7.8
    X-Old-UID: {0F475DE6-5060-496C-8C23-403CA76BF526}; age=0; cnt=2
    X-Last-HR: 0x80070422
    X-Last-HTTP-Status-Code: 500
    X-Retry-Count: 0
    X-HTTP-Attempts: 2
    Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
    Response
    HTTP/1.1 206 Partial Content
    Date: Sat, 15 Feb 2025 16:24:59 GMT
    Content-Type: application/octet-stream
    Content-Length: 21526
    Connection: keep-alive
    Cache-Control: public, max-age=17280000
    X-AspNetMvc-Version: 5.3
    MS-CorrelationId: b7f68eea-eb72-49dc-8a98-06d8579ddfb8
    MS-RequestId: 38e89f31-2058-4f40-a9db-fda0a65f415a
    MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.2.0
    X-AspNet-Version: 4.0.30319
    X-Powered-By: ASP.NET
    X-Powered-By: ARR/3.0
    X-Powered-By: ASP.NET
    Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
    ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
    X-CID: 9
    X-CCC: it
    Ocn-Cache-Status: HIT
    Ocn-Requestid: 10000005f572246d-3024003079-6
    Ocn-Served-By: QLT
    Content-Range: bytes 16571-38096/178604088
    Server: Qwilt
    X-OC-Service-Type: lo
  • flag-it
    GET
    http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d
    Remote address:
    91.80.49.20:80
    Request
    GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
    Range: bytes=38097-42456
    User-Agent: Microsoft BITS/7.8
    X-Old-UID: {0F475DE6-5060-496C-8C23-403CA76BF526}; age=0; cnt=2
    X-Last-HR: 0x80070422
    X-Last-HTTP-Status-Code: 500
    X-Retry-Count: 0
    X-HTTP-Attempts: 2
    Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
    Response
    HTTP/1.1 206 Partial Content
    Date: Sat, 15 Feb 2025 16:25:01 GMT
    Content-Type: application/octet-stream
    Content-Length: 4360
    Connection: keep-alive
    Cache-Control: public, max-age=17280000
    X-AspNetMvc-Version: 5.3
    MS-CorrelationId: b7f68eea-eb72-49dc-8a98-06d8579ddfb8
    MS-RequestId: 38e89f31-2058-4f40-a9db-fda0a65f415a
    MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.2.0
    X-AspNet-Version: 4.0.30319
    X-Powered-By: ASP.NET
    X-Powered-By: ARR/3.0
    X-Powered-By: ASP.NET
    Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
    ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
    X-CID: 9
    X-CCC: it
    Ocn-Cache-Status: HIT
    Ocn-Requestid: 10000005f57261f4-3024003079-7
    Ocn-Served-By: QLT
    Content-Range: bytes 38097-42456/178604088
    Server: Qwilt
    X-OC-Service-Type: lo
  • flag-it
    GET
    http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d
    Remote address:
    91.80.49.20:80
    Request
    GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
    Range: bytes=42457-74670
    User-Agent: Microsoft BITS/7.8
    X-Old-UID: {0F475DE6-5060-496C-8C23-403CA76BF526}; age=0; cnt=2
    X-Last-HR: 0x80070422
    X-Last-HTTP-Status-Code: 500
    X-Retry-Count: 0
    X-HTTP-Attempts: 2
    Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
    Response
    HTTP/1.1 206 Partial Content
    Date: Sat, 15 Feb 2025 16:25:03 GMT
    Content-Type: application/octet-stream
    Content-Length: 32214
    Connection: keep-alive
    Cache-Control: public, max-age=17280000
    X-AspNetMvc-Version: 5.3
    MS-CorrelationId: b7f68eea-eb72-49dc-8a98-06d8579ddfb8
    MS-RequestId: 38e89f31-2058-4f40-a9db-fda0a65f415a
    MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.2.0
    X-AspNet-Version: 4.0.30319
    X-Powered-By: ASP.NET
    X-Powered-By: ARR/3.0
    X-Powered-By: ASP.NET
    Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
    ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
    X-CID: 9
    X-CCC: it
    Ocn-Cache-Status: HIT
    Ocn-Requestid: 10000005f57298fe-3024003079-8
    Ocn-Served-By: QLT
    Content-Range: bytes 42457-74670/178604088
    Server: Qwilt
    X-OC-Service-Type: lo
  • flag-it
    GET
    http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d
    Remote address:
    91.80.49.20:80
    Request
    GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
    Range: bytes=74671-145454
    User-Agent: Microsoft BITS/7.8
    X-Old-UID: {0F475DE6-5060-496C-8C23-403CA76BF526}; age=0; cnt=2
    X-Last-HR: 0x80070422
    X-Last-HTTP-Status-Code: 500
    X-Retry-Count: 0
    X-HTTP-Attempts: 2
    Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
    Response
    HTTP/1.1 206 Partial Content
    Date: Sat, 15 Feb 2025 16:25:04 GMT
    Content-Type: application/octet-stream
    Content-Length: 70784
    Connection: keep-alive
    Cache-Control: public, max-age=17280000
    X-AspNetMvc-Version: 5.3
    MS-CorrelationId: b7f68eea-eb72-49dc-8a98-06d8579ddfb8
    MS-RequestId: 38e89f31-2058-4f40-a9db-fda0a65f415a
    MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.2.0
    X-AspNet-Version: 4.0.30319
    X-Powered-By: ASP.NET
    X-Powered-By: ARR/3.0
    X-Powered-By: ASP.NET
    Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
    ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
    X-CID: 9
    X-CCC: it
    Ocn-Cache-Status: HIT
    Ocn-Requestid: 10000005f572b571-3024003079-9
    Ocn-Served-By: QLT
    Content-Range: bytes 74671-145454/178604088
    Server: Qwilt
    X-OC-Service-Type: lo
  • flag-it
    GET
    http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d
    Remote address:
    91.80.49.20:80
    Request
    GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
    Range: bytes=145455-194589
    User-Agent: Microsoft BITS/7.8
    X-Old-UID: {0F475DE6-5060-496C-8C23-403CA76BF526}; age=0; cnt=2
    X-Last-HR: 0x80070422
    X-Last-HTTP-Status-Code: 500
    X-Retry-Count: 0
    X-HTTP-Attempts: 2
    Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
    Response
    HTTP/1.1 206 Partial Content
    Date: Sat, 15 Feb 2025 16:25:05 GMT
    Content-Type: application/octet-stream
    Content-Length: 49135
    Connection: keep-alive
    Cache-Control: public, max-age=17280000
    X-AspNetMvc-Version: 5.3
    MS-CorrelationId: b7f68eea-eb72-49dc-8a98-06d8579ddfb8
    MS-RequestId: 38e89f31-2058-4f40-a9db-fda0a65f415a
    MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.2.0
    X-AspNet-Version: 4.0.30319
    X-Powered-By: ASP.NET
    X-Powered-By: ARR/3.0
    X-Powered-By: ASP.NET
    Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
    ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
    X-CID: 9
    X-CCC: it
    Ocn-Cache-Status: HIT
    Ocn-Requestid: 10000005f572d041-3024003079-10
    Ocn-Served-By: QLT
    Content-Range: bytes 145455-194589/178604088
    Server: Qwilt
    X-OC-Service-Type: lo
  • flag-it
    GET
    http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d
    Remote address:
    91.80.49.20:80
    Request
    GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
    Range: bytes=194590-237557
    User-Agent: Microsoft BITS/7.8
    X-Old-UID: {0F475DE6-5060-496C-8C23-403CA76BF526}; age=0; cnt=2
    X-Last-HR: 0x80070422
    X-Last-HTTP-Status-Code: 500
    X-Retry-Count: 0
    X-HTTP-Attempts: 2
    Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
    Response
    HTTP/1.1 206 Partial Content
    Date: Sat, 15 Feb 2025 16:25:06 GMT
    Content-Type: application/octet-stream
    Content-Length: 42968
    Connection: keep-alive
    Cache-Control: public, max-age=17280000
    X-AspNetMvc-Version: 5.3
    MS-CorrelationId: b7f68eea-eb72-49dc-8a98-06d8579ddfb8
    MS-RequestId: 38e89f31-2058-4f40-a9db-fda0a65f415a
    MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.2.0
    X-AspNet-Version: 4.0.30319
    X-Powered-By: ASP.NET
    X-Powered-By: ARR/3.0
    X-Powered-By: ASP.NET
    Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
    ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
    X-CID: 9
    X-CCC: it
    Ocn-Cache-Status: HIT
    Ocn-Requestid: 10000005f572ecb8-3024003079-11
    Ocn-Served-By: QLT
    Content-Range: bytes 194590-237557/178604088
    Server: Qwilt
    X-OC-Service-Type: lo
  • flag-it
    GET
    http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d
    Remote address:
    91.80.49.20:80
    Request
    GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
    Range: bytes=237558-386071
    User-Agent: Microsoft BITS/7.8
    X-Old-UID: {0F475DE6-5060-496C-8C23-403CA76BF526}; age=0; cnt=2
    X-Last-HR: 0x80070422
    X-Last-HTTP-Status-Code: 500
    X-Retry-Count: 0
    X-HTTP-Attempts: 2
    Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
    Response
    HTTP/1.1 206 Partial Content
    Date: Sat, 15 Feb 2025 16:25:08 GMT
    Content-Type: application/octet-stream
    Content-Length: 148514
    Connection: keep-alive
    Cache-Control: public, max-age=17280000
    X-AspNetMvc-Version: 5.3
    MS-CorrelationId: b7f68eea-eb72-49dc-8a98-06d8579ddfb8
    MS-RequestId: 38e89f31-2058-4f40-a9db-fda0a65f415a
    MS-CV: z0TyYAApQ0SnTPhTzEiNVQ.0.1.1.6.1.1.2.0
    X-AspNet-Version: 4.0.30319
    X-Powered-By: ASP.NET
    X-Powered-By: ARR/3.0
    X-Powered-By: ASP.NET
    Last-Modified: Mon, 10 Feb 2025 02:10:08 GMT
    ETag: "BajKwfS+sHh4GdiCWW5erzQdfdY="
    X-CID: 9
    X-CCC: it
    Ocn-Cache-Status: HIT
    Ocn-Requestid: 10000005f5731a45-3024003079-12
    Ocn-Served-By: QLT
    Content-Range: bytes 237558-386071/178604088
    Server: Qwilt
    X-OC-Service-Type: lo
  • flag-it
    GET
    http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d
    Remote address:
    91.80.49.20:80
    Request
    GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Mon, 10 Feb 2025 02:10:08 GMT
    Range: bytes=386072-679156
    User-Agent: Microsoft BITS/7.8
    X-Old-UID: {0F475DE6-5060-496C-8C23-403CA76BF526}; age=0; cnt=2
    X-Last-HR: 0x80070422
    X-Last-HTTP-Status-Code: 500
    X-Retry-Count: 0
    X-HTTP-Attempts: 2
    Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
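The request/response pairs above are one Microsoft Edge update (version 133.0.3065.59, requested through msedge.api.cdp.microsoft.com and served from the Microsoft delivery CDN) being fetched by BITS in byte ranges; the flow has no process attribution, so it is background activity of the sandbox image rather than traffic from random.exe. The script below is an added example, not part of the report: it parses the raw header blocks, confirms that each 206 reply covers exactly the requested range with a matching Content-Length, confirms the chunks are contiguous within the 178,604,088-byte file, and decodes the X-Last-HR value 0x80070422, which is HRESULT_FROM_WIN32(ERROR_SERVICE_DISABLED), Win32 error 1058, the error BITS reports from its previous attempt. The messages are copied from the report and trimmed to the headers the checks use; the second and third requests are built from the first because the page shows them identical apart from the Range header.

```python
"""Sanity checks on a BITS ranged download: per-chunk Range/Content-Range/
Content-Length agreement, chunk contiguity, and HRESULT decoding.
Messages copied from the report above, trimmed to the headers used."""
import re

REQ_1 = """GET /filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a HTTP/1.1
Range: bytes=145455-194589
User-Agent: Microsoft BITS/7.8
X-Last-HR: 0x80070422
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com"""
RESP_1 = """HTTP/1.1 206 Partial Content
Content-Length: 49135
Content-Range: bytes 145455-194589/178604088"""
# The later requests differ from the first only in the Range header.
REQ_2 = REQ_1.replace("145455-194589", "194590-237557")
RESP_2 = """HTTP/1.1 206 Partial Content
Content-Length: 42968
Content-Range: bytes 194590-237557/178604088"""
REQ_3 = REQ_1.replace("145455-194589", "237558-386071")
RESP_3 = """HTTP/1.1 206 Partial Content
Content-Length: 148514
Content-Range: bytes 237558-386071/178604088"""
BITS_CHUNKS = [(REQ_1, RESP_1), (REQ_2, RESP_2), (REQ_3, RESP_3)]

_RANGE = re.compile(r"bytes=(\d+)-(\d+)$")
_CONTENT_RANGE = re.compile(r"bytes (\d+)-(\d+)/(\d+)$")


def parse_http_message(raw):
    """Split a raw HTTP/1.1 header block into (start line, {lowercased name: value})."""
    lines = [ln.strip() for ln in raw.strip().splitlines() if ln.strip()]
    headers = {}
    for ln in lines[1:]:
        name, _, value = ln.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def check_partial_response(req_raw, resp_raw):
    """Compare what the client asked for with what the server says it served."""
    _, req = parse_http_message(req_raw)
    status_line, resp = parse_http_message(resp_raw)
    status = int(status_line.split()[1])
    m = _RANGE.match(req.get("range", ""))
    requested = (int(m[1]), int(m[2])) if m else None
    m = _CONTENT_RANGE.match(resp.get("content-range", ""))
    served = (int(m[1]), int(m[2]), int(m[3])) if m else None
    length = int(resp.get("content-length", "-1"))
    return {
        "status": status,
        "requested": requested,
        "served": served,
        "content_length": length,
        # A 206 body must be exactly the served range, and that range must be the one requested.
        "length_ok": served is not None and served[1] - served[0] + 1 == length,
        "range_ok": served is not None and requested == served[:2],
        "bits_client": req.get("user-agent", "").startswith("Microsoft BITS/"),
    }


def check_chunk_sequence(pairs):
    """Validate every chunk and check that consecutive chunks abut with no gap or overlap."""
    results = [check_partial_response(q, r) for q, r in pairs]
    problems = [i for i, r in enumerate(results)
                if r["status"] != 206 or not (r["length_ok"] and r["range_ok"])]
    contiguous = all(a["served"] and b["served"] and a["served"][1] + 1 == b["served"][0]
                     for a, b in zip(results, results[1:]))
    totals = {r["served"][2] for r in results if r["served"]}
    return {
        "chunks": len(results),
        "problems": problems,
        "contiguous": contiguous,
        "bytes_served": sum(r["content_length"] for r in results),
        "file_size": totals.pop() if len(totals) == 1 else None,  # None if chunks disagree
    }


def win32_from_hresult(hr):
    """Return the Win32 error wrapped in a failure HRESULT (FACILITY_WIN32 == 7), else None."""
    if hr & 0x80000000 and (hr >> 16) & 0x1FFF == 7:
        return hr & 0xFFFF
    return None


def last_bits_error(req_raw):
    """Decode the X-Last-HR header BITS sends about its previous attempt."""
    _, req = parse_http_message(req_raw)
    return win32_from_hresult(int(req["x-last-hr"], 16)) if "x-last-hr" in req else None


if __name__ == "__main__":
    print(check_chunk_sequence(BITS_CHUNKS))
    print("last BITS error (Win32):", last_bits_error(REQ_1))
```

A chunk sequence with problems, gaps or disagreeing totals would be worth a second look (a ranged download from a non-Microsoft host with these headers is how a staged payload can arrive through the OS's own download service); the sequence on this page checks clean.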
  • 3.214.119.249:443
    httpbin.org
    tls
    random.exe
    1.6kB
    6.5kB
    15
    16
  • 166.1.36.226:80
    http://home.fivejj5sr.top/fWukggcxTlVTnBnJjsCp1739361436
    http
    random.exe
    37.9kB
    986 B
    51
    18

    HTTP Request

    POST http://home.fivejj5sr.top/fWukggcxTlVTnBnJjsCp1739361436

    HTTP Response

    504
  • 4.245.161.190:443
    msedge.api.cdp.microsoft.com
    tls
    2.6kB
    300 B
    15
    6
  • 166.1.36.226:80
    http://home.fivejj5sr.top/fWukggcxTlVTnBnJjsCp1739361436
    http
    random.exe
    793 B
    1.5kB
    11
    6

    HTTP Request

    POST http://home.fivejj5sr.top/fWukggcxTlVTnBnJjsCp1739361436

    HTTP Response

    502
  • 150.171.27.10:443
    tls, https
    675 B
    40 B
    6
    1
  • 4.245.161.190:443
    msedge.api.cdp.microsoft.com
    tls
    650 B
    179 B
    8
    4
  • 4.245.161.190:443
    msedge.api.cdp.microsoft.com
    288 B
    132 B
    6
    3
  • 150.171.27.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239339388158_1XCR56DJ2GD9T3UQ1&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    26.8kB
    762.3kB
    558
    555

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388158_1XCR56DJ2GD9T3UQ1&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200
  • 4.245.161.190:443
    msedge.api.cdp.microsoft.com
    tls
    371 B
    179 B
    5
    4
  • 4.245.161.190:443
    https://msedge.api.cdp.microsoft.com/api/v1.1/internal/contents/Browser/namespaces/Default/names/msedgewebview-stable-win-x64/versions/133.0.3065.59/files?action=GenerateDownloadInfo&foregroundPriority=false
    tls, http2
    5.0kB
    16.7kB
    22
    24

    HTTP Request

    POST https://msedge.api.cdp.microsoft.com/api/v2/contents/Browser/namespaces/Default/names?action=batchupdates

    HTTP Response

    200

    HTTP Request

    POST https://msedge.api.cdp.microsoft.com/api/v1.1/internal/contents/Browser/namespaces/Default/names/msedge-stable-win-x64/versions/133.0.3065.59/files?action=GenerateDownloadInfo&foregroundPriority=false

    HTTP Response

    200

    HTTP Request

    POST https://msedge.api.cdp.microsoft.com/api/v1.1/internal/contents/Browser/namespaces/Default/names/msedgewebview-stable-win-x64/versions/133.0.3065.59/files?action=GenerateDownloadInfo&foregroundPriority=false

    HTTP Response

    200
  • 91.80.49.20:80
    http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d
    http
    20.4kB
    414.1kB
    195
    311

    HTTP Request

    HEAD http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d

    HTTP Response

    200

    HTTP Request

    GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d

    HTTP Response

    206

    HTTP Request

    GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d

    HTTP Response

    206

    HTTP Request

    GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d

    HTTP Response

    206

    HTTP Request

    GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d

    HTTP Response

    206

    HTTP Request

    GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d

    HTTP Response

    206

    HTTP Request

    GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d

    HTTP Response

    206

    HTTP Request

    GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d

    HTTP Response

    206

    HTTP Request

    GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d

    HTTP Response

    206

    HTTP Request

    GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d

    HTTP Response

    206

    HTTP Request

    GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d

    HTTP Response

    206

    HTTP Request

    GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d

    HTTP Response

    206

    HTTP Request

    GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fed55805-2e85-41d8-b4e3-4ef6b5ebf63a?P1=1740241488&P2=404&P3=2&P4=jNtODgjPxfSCyDVY0%2bjTkEk5aEwO1WntV%2bVWjlaRnez5rK0kVbtFuq6YEPfL4KMwDYMEzdiPKa%2fA9QASF8UNnw%3d%3d
  • 8.8.8.8:53
    httpbin.org
    dns
    random.exe
    400 B
    100 B
    5
    1

    DNS Request

    httpbin.org

    DNS Request

    httpbin.org

    DNS Request

    httpbin.org

    DNS Request

    httpbin.org

    DNS Request

    httpbin.org

    DNS Response

    3.214.119.249
    3.208.239.150

  • 8.8.8.8:53
    home.fivejj5sr.top
    dns
    random.exe
    174 B
    91 B
    2
    1

    DNS Request

    home.fivejj5sr.top

    DNS Request

    home.fivejj5sr.top

    DNS Response

    166.1.36.226

  • 8.8.8.8:53
    home.fivejj5sr.top
    dns
    random.exe
    522 B
    6

    DNS Request

    home.fivejj5sr.top

    DNS Request

    home.fivejj5sr.top

    DNS Request

    home.fivejj5sr.top

    DNS Request

    home.fivejj5sr.top

    DNS Request

    home.fivejj5sr.top

    DNS Request

    home.fivejj5sr.top

  • 8.8.8.8:53
    msedge.api.cdp.microsoft.com
    dns
    74 B
    158 B
    1
    1

    DNS Request

    msedge.api.cdp.microsoft.com

    DNS Response

    4.245.161.190

  • 8.8.8.8:53
    msedge.api.cdp.microsoft.com
    dns
    148 B
    158 B
    2
    1

    DNS Request

    msedge.api.cdp.microsoft.com

    DNS Request

    msedge.api.cdp.microsoft.com

    DNS Response

    4.151.228.221

  • 8.8.8.8:53
    home.fivejj5sr.top
    dns
    random.exe
    174 B
    226 B
    2
    2

    DNS Request

    home.fivejj5sr.top

    DNS Request

    home.fivejj5sr.top

    DNS Response

    166.1.36.226

  • 8.8.8.8:53
    msedge.b.tlu.dl.delivery.mp.microsoft.com
    dns
    87 B
    344 B
    1
    1

    DNS Request

    msedge.b.tlu.dl.delivery.mp.microsoft.com

    DNS Response

    91.80.49.20
    91.81.129.182
    91.80.49.22
    91.80.49.85
    91.80.49.86

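Reading the flow list above: the only connections attributed to random.exe are the DNS lookups, a TLS session to httpbin.org, and repeated HTTP POSTs to http://home.fivejj5sr.top/fWukggcxTlVTnBnJjsCp1739361436, which the server answered with 504 and 502; the Microsoft and Bing flows carry no process attribution and are OS/browser background activity. The script below is an added example, not part of the report: it applies those rules to flow records transcribed from the list (query strings dropped, repeated msedge.api.cdp.microsoft.com entries collapsed), pulls the C2 IOCs, and relates the observed C2 URL to the C2 string in the extracted config. Treating first-party Microsoft hosts without process attribution as noise is this example's assumption, as is reading the trailing ten digits of the C2 path as a Unix timestamp (1739361436 is 2025-02-12T11:57:16Z, three days before submission); the report itself states neither.

```python
"""Triage of a sandbox flow list: sample traffic vs. background noise,
IOC extraction, and matching the observed C2 URL against the extracted config.
Flow records transcribed from the report above; classification rules are this
example's own assumptions."""
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit

SAMPLE = "random.exe"
C2_FROM_CONFIG = "http://home.fivejj5sr.top/fWukggcxTlVTnBnJjsCp17"
C2_OBSERVED = "http://home.fivejj5sr.top/fWukggcxTlVTnBnJjsCp1739361436"

# (remote, host or URL, protocol, attributed process or None, [(method, status), ...])
FLOWS = [
    ("3.214.119.249:443", "httpbin.org", "tls", SAMPLE, []),
    ("166.1.36.226:80", C2_OBSERVED, "http", SAMPLE, [("POST", 504)]),
    ("4.245.161.190:443", "msedge.api.cdp.microsoft.com", "tls", None, [("POST", 200)]),
    ("166.1.36.226:80", C2_OBSERVED, "http", SAMPLE, [("POST", 502)]),
    ("150.171.27.10:443", "https://tse1.mm.bing.net/th", "tls, http2", None, [("GET", 200)]),
    ("91.80.49.20:80",
     "http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/"
     "fed55805-2e85-41d8-b4e3-4ef6b5ebf63a", "http", None, [("HEAD", 200), ("GET", 206)]),
]

# Assumption: first-party OS/browser endpoints with no process attribution are update/telemetry noise.
BACKGROUND_SUFFIXES = ("microsoft.com", "bing.net")


def host_of(target):
    """Hostname for either a bare host or a full URL."""
    return urlsplit(target).hostname if "://" in target else target


def classify(flow):
    remote, target, proto, process, reqs = flow
    host = host_of(target)
    if process != SAMPLE and host.endswith(BACKGROUND_SUFFIXES):
        return "background"
    if process == SAMPLE and any(method == "POST" for method, _ in reqs):
        return "c2"            # the sample posting data to a host outside the noise list
    if process == SAMPLE:
        return "sample-other"  # e.g. the httpbin.org session, whose contents TLS hides
    return "unattributed"


def extract_iocs(flows):
    """IP, domain and URL of every flow classified as C2, deduplicated and sorted."""
    iocs = set()
    for flow in flows:
        if classify(flow) != "c2":
            continue
        remote, target = flow[0], flow[1]
        iocs.add(("ip", remote.rsplit(":", 1)[0]))
        iocs.add(("domain", host_of(target)))
        iocs.add(("url", target))
    return sorted(iocs)


def c2_statuses(flows):
    """HTTP status codes the C2 returned; 5xx across the board means it never accepted the beacon."""
    return sorted(status for flow in flows if classify(flow) == "c2" for _, status in flow[4])


def relate_to_config(observed_url, config_c2):
    """Does the observed URL extend the config's C2 string, and do the trailing
    ten digits of its path decode as a plausible Unix timestamp? (Inference.)"""
    m = re.search(r"(\d{10})$", urlsplit(observed_url).path)
    ts = datetime.fromtimestamp(int(m[1]), tz=timezone.utc) if m else None
    return {
        "extends_config": observed_url.startswith(config_c2),
        "epoch_suffix": int(m[1]) if m else None,
        "suffix_as_utc": ts.strftime("%Y-%m-%dT%H:%M:%SZ") if ts else None,
    }


if __name__ == "__main__":
    for flow in FLOWS:
        print(f"{classify(flow):13} {flow[0]:20} {host_of(flow[1])}")
    print(extract_iocs(FLOWS))
    print(c2_statuses(FLOWS), relate_to_config(C2_OBSERVED, C2_FROM_CONFIG))
```

The httpbin.org session stays "sample-other" rather than "c2": it is a public request-echo service, and a stealer contacting it is most plausibly learning the victim's external IP, but the TLS session here shows neither the path nor the response, so it is worth logging as context and not as an indicator of compromise.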
MITRE ATT&CK Enterprise v15

Downloads

  • memory/2144-0-0x0000000000BB0000-0x00000000018D5000-memory.dmp

    Filesize

    13.1MB

  • memory/2144-1-0x0000000077BD4000-0x0000000077BD6000-memory.dmp

    Filesize

    8KB

  • memory/2144-2-0x0000000000BB1000-0x0000000000E4B000-memory.dmp

    Filesize

    2.6MB

  • memory/2144-3-0x0000000000BB0000-0x00000000018D5000-memory.dmp

    Filesize

    13.1MB

  • memory/2144-4-0x0000000000BB0000-0x00000000018D5000-memory.dmp

    Filesize

    13.1MB

  • memory/2144-5-0x0000000000BB0000-0x00000000018D5000-memory.dmp

    Filesize

    13.1MB

  • memory/2144-6-0x0000000000BB0000-0x00000000018D5000-memory.dmp

    Filesize

    13.1MB

  • memory/2144-7-0x0000000000BB0000-0x00000000018D5000-memory.dmp

    Filesize

    13.1MB

  • memory/2144-8-0x0000000000BB0000-0x00000000018D5000-memory.dmp

    Filesize

    13.1MB

  • memory/2144-10-0x0000000000BB0000-0x00000000018D5000-memory.dmp

    Filesize

    13.1MB

  • memory/2144-11-0x0000000000BB0000-0x00000000018D5000-memory.dmp

    Filesize

    13.1MB

  • memory/2144-12-0x0000000000BB0000-0x00000000018D5000-memory.dmp

    Filesize

    13.1MB

  • memory/2144-13-0x0000000000BB0000-0x00000000018D5000-memory.dmp

    Filesize

    13.1MB

  • memory/2144-14-0x0000000000BB0000-0x00000000018D5000-memory.dmp

    Filesize

    13.1MB

  • memory/2144-15-0x0000000000BB0000-0x00000000018D5000-memory.dmp

    Filesize

    13.1MB

  • memory/2144-16-0x0000000000BB0000-0x00000000018D5000-memory.dmp

    Filesize

    13.1MB

  • memory/2144-17-0x0000000000BB0000-0x00000000018D5000-memory.dmp

    Filesize

    13.1MB

  • memory/2144-18-0x0000000000BB0000-0x00000000018D5000-memory.dmp

    Filesize

    13.1MB

  • memory/2144-20-0x0000000000BB0000-0x00000000018D5000-memory.dmp

    Filesize

    13.1MB

  • memory/2144-21-0x0000000000BB0000-0x00000000018D5000-memory.dmp

    Filesize

    13.1MB

  • memory/2144-22-0x0000000000BB0000-0x00000000018D5000-memory.dmp

    Filesize

    13.1MB
