Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
165s -
max time network
173s -
platform
windows10-2004_x64 -
resource
win10v2004-en-20220112 -
submitted
13/02/2022, 12:21 UTC
Static task
static1
Behavioral task
behavioral1
Sample
b23fe1a321b8f7b9f0736574a98d115853c84ca6934752e4be13771eec4ac7b7.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
b23fe1a321b8f7b9f0736574a98d115853c84ca6934752e4be13771eec4ac7b7.exe
Resource
win10v2004-en-20220112
General
-
Target
b23fe1a321b8f7b9f0736574a98d115853c84ca6934752e4be13771eec4ac7b7.exe
-
Size
72KB
-
MD5
2c0d06420d5af53d3324717bc2e4f280
-
SHA1
f0d10df44ee7ae8e2da6c02eb1fb9ed1517c26fa
-
SHA256
b23fe1a321b8f7b9f0736574a98d115853c84ca6934752e4be13771eec4ac7b7
-
SHA512
7e6c63d1bcba6e22a0f6a2539c25daf451c698fb2579747dd42b059e3780787582263b42ee57e1f8448764fb29b07173a5b8ec43c250fe2e725c6e44b1e3c583
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\!satana!.txt
khoperia331@mail.com
Signatures
-
Satana
Ransomware family which also encrypts the system's Master Boot Record (MBR).
-
Adds Run key to start application 2 TTPs 2 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ggwnqnv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\!satana!.txt" b23fe1a321b8f7b9f0736574a98d115853c84ca6934752e4be13771eec4ac7b7.exe Key created \REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run b23fe1a321b8f7b9f0736574a98d115853c84ca6934752e4be13771eec4ac7b7.exe -
Drops file in Windows directory 3 IoCs
description ioc Process File opened for modification C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\State\keyValueLKG.dat svchost.exe File opened for modification C:\Windows\Logs\CBS\CBS.log TiWorker.exe File opened for modification C:\Windows\WinSxS\pending.xml TiWorker.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 MusNotifyIcon.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz MusNotifyIcon.exe -
Modifies data under HKEY_USERS 49 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\DownloadMonthlyLanBytes = "0" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\UplinkBps = "0" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\BkDownloadRatePct = "45" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\MemoryUsageKB = "4168" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\NormalDownloadPendingCount = "0" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\DownlinkBps = "0" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\FrDownloadRatePct = "90" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\UploadRatePct = "100" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\PriorityDownloadCount = "0" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\NormalDownloadCount = "0" svchost.exe Set value (str) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\CPUpct = "16.644119" svchost.exe Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Settings svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\DownloadMonthlyLinkLocalBytes = "0" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\DownloadMonthlyCdnBytes = "0" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\UplinkUsageBps = "0" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\PriorityDownloadPendingCount = "0" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\DownlinkUsageBps = "0" svchost.exe Set value (str) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\CPUpct = "2.027052" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config\DODownloadMode = "1" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\DownloadMonthlyCacheHostBytes = "0" svchost.exe Set value (str) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config\GeoVersion_EndpointFullUri = "https://geover.prod.do.dsp.mp.microsoft.com/geoversion" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\CacheSizeBytes = "0" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\LANConnectionCount = "0" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\MemoryUsageKB = "4400" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config\DownloadMode_BackCompat = "1" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\UploadMonthlyLanBytes = "0" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\DownloadMonthlyRateFrBps = "0" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\DownloadMonthlyRateBkCnt = "0" svchost.exe Set value (str) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\CPUpct = "0.368665" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\DownloadMonthlyRateBkBps = "0" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\MonthID = "2" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\GroupConnectionCount = "0" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\MonthlyUploadRestriction = "0" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\PeerInfoCount = "0" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\LinkLocalConnectionCount = "0" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\UploadCount = "0" svchost.exe Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config svchost.exe Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\DownloadMonthlyInternetBytes = "0" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\DownloadMonthlyRateFrCnt = "0" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config\KVFileExpirationTime = "132894049420648817" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\InternetConnectionCount = "0" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\SwarmCount = "0" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\UploadMonthlyInternetBytes = "0" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\DownloadMonthlyGroupBytes = "0" svchost.exe Set value (str) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config\Geo_EndpointFullUri = "https://geo.prod.do.dsp.mp.microsoft.com/geo" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\SwarmCount = "1" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage\CDNConnectionCount = "0" svchost.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeSecurityPrivilege 2980 TiWorker.exe Token: SeRestorePrivilege 2980 TiWorker.exe Token: SeBackupPrivilege 2980 TiWorker.exe Token: SeBackupPrivilege 2980 TiWorker.exe Token: SeRestorePrivilege 2980 TiWorker.exe Token: SeSecurityPrivilege 2980 TiWorker.exe Token: SeBackupPrivilege 2980 TiWorker.exe Token: SeRestorePrivilege 2980 TiWorker.exe Token: SeSecurityPrivilege 2980 TiWorker.exe Token: SeBackupPrivilege 2980 TiWorker.exe Token: SeRestorePrivilege 2980 TiWorker.exe Token: SeSecurityPrivilege 2980 TiWorker.exe Token: SeBackupPrivilege 2980 TiWorker.exe Token: SeRestorePrivilege 2980 TiWorker.exe Token: SeSecurityPrivilege 2980 TiWorker.exe Token: SeBackupPrivilege 2980 TiWorker.exe Token: SeRestorePrivilege 2980 TiWorker.exe Token: SeSecurityPrivilege 2980 TiWorker.exe Token: SeBackupPrivilege 2980 TiWorker.exe Token: SeRestorePrivilege 2980 TiWorker.exe Token: SeSecurityPrivilege 2980 TiWorker.exe Token: SeBackupPrivilege 2980 TiWorker.exe Token: SeRestorePrivilege 2980 TiWorker.exe Token: SeSecurityPrivilege 2980 TiWorker.exe Token: SeBackupPrivilege 2980 TiWorker.exe Token: SeRestorePrivilege 2980 TiWorker.exe Token: SeSecurityPrivilege 2980 TiWorker.exe Token: SeBackupPrivilege 2980 TiWorker.exe Token: SeRestorePrivilege 2980 TiWorker.exe Token: SeSecurityPrivilege 2980 TiWorker.exe Token: SeBackupPrivilege 2980 TiWorker.exe Token: SeRestorePrivilege 2980 TiWorker.exe Token: SeSecurityPrivilege 2980 TiWorker.exe Token: SeBackupPrivilege 2980 TiWorker.exe Token: SeRestorePrivilege 2980 TiWorker.exe Token: SeSecurityPrivilege 2980 TiWorker.exe Token: SeBackupPrivilege 2980 TiWorker.exe Token: SeRestorePrivilege 2980 TiWorker.exe Token: SeSecurityPrivilege 2980 TiWorker.exe Token: SeBackupPrivilege 2980 TiWorker.exe Token: SeRestorePrivilege 2980 TiWorker.exe Token: SeSecurityPrivilege 2980 TiWorker.exe Token: SeBackupPrivilege 2980 TiWorker.exe Token: SeRestorePrivilege 2980 TiWorker.exe Token: SeSecurityPrivilege 2980 TiWorker.exe Token: SeBackupPrivilege 2980 TiWorker.exe Token: SeRestorePrivilege 2980 TiWorker.exe Token: SeSecurityPrivilege 2980 TiWorker.exe Token: SeBackupPrivilege 2980 TiWorker.exe Token: SeRestorePrivilege 2980 TiWorker.exe Token: SeSecurityPrivilege 2980 TiWorker.exe Token: SeBackupPrivilege 2980 TiWorker.exe Token: SeRestorePrivilege 2980 TiWorker.exe Token: SeSecurityPrivilege 2980 TiWorker.exe Token: SeBackupPrivilege 2980 TiWorker.exe Token: SeRestorePrivilege 2980 TiWorker.exe Token: SeSecurityPrivilege 2980 TiWorker.exe Token: SeBackupPrivilege 2980 TiWorker.exe Token: SeRestorePrivilege 2980 TiWorker.exe Token: SeSecurityPrivilege 2980 TiWorker.exe Token: SeBackupPrivilege 2980 TiWorker.exe Token: SeRestorePrivilege 2980 TiWorker.exe Token: SeSecurityPrivilege 2980 TiWorker.exe Token: SeBackupPrivilege 2980 TiWorker.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\b23fe1a321b8f7b9f0736574a98d115853c84ca6934752e4be13771eec4ac7b7.exe"C:\Users\Admin\AppData\Local\Temp\b23fe1a321b8f7b9f0736574a98d115853c84ca6934752e4be13771eec4ac7b7.exe"1⤵
- Adds Run key to start application
PID:1728
-
C:\Windows\system32\MusNotifyIcon.exe%systemroot%\system32\MusNotifyIcon.exe NotifyTrayIcon 131⤵
- Checks processor information in registry
PID:2032
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k NetworkService -p1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:3392
-
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe -Embedding1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2980
Network
-
Remote address:8.8.8.8:53Requestgeo.prod.do.dsp.mp.microsoft.comIN AResponsegeo.prod.do.dsp.mp.microsoft.comIN CNAMEgeo.prod.do.dsp.trafficmanager.netgeo.prod.do.dsp.trafficmanager.netIN CNAMEarray616.prod.do.dsp.mp.microsoft.comarray616.prod.do.dsp.mp.microsoft.comIN A20.54.25.4
-
Remote address:8.8.8.8:53Requestkv801.prod.do.dsp.mp.microsoft.comIN AResponsekv801.prod.do.dsp.mp.microsoft.comIN CNAMEkv801.prod.do.dsp.mp.microsoft.com.edgekey.netkv801.prod.do.dsp.mp.microsoft.com.edgekey.netIN CNAMEe12437.g.akamaiedge.nete12437.g.akamaiedge.netIN A184.29.205.60
-
GEThttps://kv801.prod.do.dsp.mp.microsoft.com/all?doClientVersion=10.0.19041.1266&countryCode=US&profile=256&CacheId=1NetworkServiceRemote address:184.29.205.60:443RequestGET /all?doClientVersion=10.0.19041.1266&countryCode=US&profile=256&CacheId=1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Microsoft-Delivery-Optimization/10.0
MS-CV: dPWM5xm4ekSNTmjw.2.1.1
Content-Length: 0
Host: kv801.prod.do.dsp.mp.microsoft.com
ResponseHTTP/1.1 200 OK
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 808
Cache-Control: max-age=25
Date: Sun, 13 Feb 2022 12:22:28 GMT
Connection: keep-alive
-
Remote address:8.8.8.8:53Requestcp801.prod.do.dsp.mp.microsoft.comIN AResponsecp801.prod.do.dsp.mp.microsoft.comIN CNAMEcp801.prod.do.dsp.mp.microsoft.com.edgekey.netcp801.prod.do.dsp.mp.microsoft.com.edgekey.netIN CNAMEe12437.g.akamaiedge.nete12437.g.akamaiedge.netIN A184.29.205.60
-
GEThttps://cp801.prod.do.dsp.mp.microsoft.com/v3/content?Id=aqNSTVn6Z-S11CUPqJBC6j-rNd-FvNcwi4vtViIWIhg%253D&doClientVersion=10.0.19041.1266&altCatalogId=http%3A%2F%2Fmsedge.b.tlu.dl.delivery.mp.microsoft.com%2Ffilestreamingservice%2Ffiles%2F1f45075c-2899-44e9-9bd8-03649da92f34&countryCode=US&profile=256&CacheId=1NetworkServiceRemote address:184.29.205.60:443RequestGET /v3/content?Id=aqNSTVn6Z-S11CUPqJBC6j-rNd-FvNcwi4vtViIWIhg%253D&doClientVersion=10.0.19041.1266&altCatalogId=http%3A%2F%2Fmsedge.b.tlu.dl.delivery.mp.microsoft.com%2Ffilestreamingservice%2Ffiles%2F1f45075c-2899-44e9-9bd8-03649da92f34&countryCode=US&profile=256&CacheId=1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Microsoft-Delivery-Optimization/10.0
MS-CV: fGaNESRY70uPCuTNchFYQw.0.2.8.1.1.1
Content-Length: 0
Host: cp801.prod.do.dsp.mp.microsoft.com
ResponseHTTP/1.1 200 OK
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 370
Cache-Control: max-age=33044
Date: Sun, 13 Feb 2022 12:22:40 GMT
Connection: keep-alive
-
GEThttps://cp801.prod.do.dsp.mp.microsoft.com/v3/content?Id=aqNSTVn6Z-S11CUPqJBC6j-rNd-FvNcwi4vtViIWIhg%253D&doClientVersion=10.0.19041.1266&altCatalogId=http%3A%2F%2Fmsedge.b.tlu.dl.delivery.mp.microsoft.com%2Ffilestreamingservice%2Ffiles%2F1f45075c-2899-44e9-9bd8-03649da92f34&countryCode=US&profile=256&CacheId=1NetworkServiceRemote address:184.29.205.60:443RequestGET /v3/content?Id=aqNSTVn6Z-S11CUPqJBC6j-rNd-FvNcwi4vtViIWIhg%253D&doClientVersion=10.0.19041.1266&altCatalogId=http%3A%2F%2Fmsedge.b.tlu.dl.delivery.mp.microsoft.com%2Ffilestreamingservice%2Ffiles%2F1f45075c-2899-44e9-9bd8-03649da92f34&countryCode=US&profile=256&CacheId=1 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Microsoft-Delivery-Optimization/10.0
MS-CV: fGaNESRY70uPCuTNchFYQw.0.2.8.2.1.1
Content-Length: 0
Host: cp801.prod.do.dsp.mp.microsoft.com
ResponseHTTP/1.1 200 OK
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 370
Cache-Control: max-age=33044
Date: Sun, 13 Feb 2022 12:22:40 GMT
Connection: keep-alive
-
Remote address:8.8.8.8:53Request226.101.242.52.in-addr.arpaIN PTRResponse
-
322 B 7
-
260 B 5
-
260 B 5
-
40 B 1
-
322 B 7
-
1.2kB 3.5kB 12 9
-
184.29.205.60:443https://kv801.prod.do.dsp.mp.microsoft.com/all?doClientVersion=10.0.19041.1266&countryCode=US&profile=256&CacheId=1tls, httpNetworkService1.2kB 7.8kB 11 13
HTTP Request
GET https://kv801.prod.do.dsp.mp.microsoft.com/all?doClientVersion=10.0.19041.1266&countryCode=US&profile=256&CacheId=1HTTP Response
200 -
260 B 5
-
184.29.205.60:443https://cp801.prod.do.dsp.mp.microsoft.com/v3/content?Id=aqNSTVn6Z-S11CUPqJBC6j-rNd-FvNcwi4vtViIWIhg%253D&doClientVersion=10.0.19041.1266&altCatalogId=http%3A%2F%2Fmsedge.b.tlu.dl.delivery.mp.microsoft.com%2Ffilestreamingservice%2Ffiles%2F1f45075c-2899-44e9-9bd8-03649da92f34&countryCode=US&profile=256&CacheId=1tls, httpNetworkService1.4kB 7.3kB 11 13
HTTP Request
GET https://cp801.prod.do.dsp.mp.microsoft.com/v3/content?Id=aqNSTVn6Z-S11CUPqJBC6j-rNd-FvNcwi4vtViIWIhg%253D&doClientVersion=10.0.19041.1266&altCatalogId=http%3A%2F%2Fmsedge.b.tlu.dl.delivery.mp.microsoft.com%2Ffilestreamingservice%2Ffiles%2F1f45075c-2899-44e9-9bd8-03649da92f34&countryCode=US&profile=256&CacheId=1HTTP Response
200 -
184.29.205.60:443https://cp801.prod.do.dsp.mp.microsoft.com/v3/content?Id=aqNSTVn6Z-S11CUPqJBC6j-rNd-FvNcwi4vtViIWIhg%253D&doClientVersion=10.0.19041.1266&altCatalogId=http%3A%2F%2Fmsedge.b.tlu.dl.delivery.mp.microsoft.com%2Ffilestreamingservice%2Ffiles%2F1f45075c-2899-44e9-9bd8-03649da92f34&countryCode=US&profile=256&CacheId=1tls, httpNetworkService1.4kB 7.3kB 11 13
HTTP Request
GET https://cp801.prod.do.dsp.mp.microsoft.com/v3/content?Id=aqNSTVn6Z-S11CUPqJBC6j-rNd-FvNcwi4vtViIWIhg%253D&doClientVersion=10.0.19041.1266&altCatalogId=http%3A%2F%2Fmsedge.b.tlu.dl.delivery.mp.microsoft.com%2Ffilestreamingservice%2Ffiles%2F1f45075c-2899-44e9-9bd8-03649da92f34&countryCode=US&profile=256&CacheId=1HTTP Response
200
-
78 B 165 B 1 1
DNS Request
geo.prod.do.dsp.mp.microsoft.com
DNS Response
20.54.25.4
-
80 B 190 B 1 1
DNS Request
kv801.prod.do.dsp.mp.microsoft.com
DNS Response
184.29.205.60
-
80 B 190 B 1 1
DNS Request
cp801.prod.do.dsp.mp.microsoft.com
DNS Response
184.29.205.60
-
73 B 147 B 1 1
DNS Request
226.101.242.52.in-addr.arpa