Analysis

  • max time kernel
    147s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250207-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20250207-en locale:en-us os:windows10-2004-x64 system
  • submitted
    08/02/2025, 03:36 UTC

General

  • Target

    $PLUGINSDIR/System.dll

  • Size

    11KB

  • MD5

    cf85183b87314359488b850f9e97a698

  • SHA1

    6b6c790037eec7ebea4d05590359cb4473f19aea

  • SHA256

    3b6a5cb2a3c091814fce297c04fb677f72732fb21615102c62a195fdc2e7dfac

  • SHA512

    fe484b3fc89aeed3a6b71b90b90ea11a787697e56be3077154b6ddc2646850f6c38589ed422ff792e391638a80a778d33f22e891e76b5d65896c6fb4696a2c3b

  • SSDEEP

    96:3IsUxO9udx4qYp7AJb76BykUbQMtHUOA5Iv+RnsrqeXV+d1g2IW9t2c+cEwF9oug:YVL7ikJb76BQUoUm+RnyXVYO2RvHoug

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file 1 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1148
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4448
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 612
        3⤵
        • Program crash
        PID:1152
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 4448 -ip 4448
    1⤵
      PID:1108
    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping 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-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIxIiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDY0MzMiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxODc1OTU2NTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MDI2NzM2NTg0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
      1⤵
      • System Location Discovery: System Language Discovery
      • System Network Configuration Discovery: Internet Connection Discovery
      PID:1544

    Network

    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.ax-0001.ax-msedge.net
      g-bing-com.ax-0001.ax-msedge.net
      IN CNAME
      ax-0001.ax-msedge.net
      ax-0001.ax-msedge.net
      IN A
      150.171.28.10
      ax-0001.ax-msedge.net
      IN A
      150.171.27.10
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=09292dc510434984ae7c41966d7c0229&localId=w:376360DD-BFBE-CDFD-62F7-2F46AA5C12A4&deviceId=6966574813691752&anid=
      Remote address:
      150.171.28.10:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=09292dc510434984ae7c41966d7c0229&localId=w:376360DD-BFBE-CDFD-62F7-2F46AA5C12A4&deviceId=6966574813691752&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=17ED81AA510D66D81313942450866725; domain=.bing.com; expires=Fri, 06-Mar-2026 14:24:11 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: B036980844BB41859ED0A3CA7A7E9DDF Ref B: FRA31EDGE0511 Ref C: 2025-02-09T14:24:11Z
      date: Sun, 09 Feb 2025 14:24:11 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=09292dc510434984ae7c41966d7c0229&localId=w:376360DD-BFBE-CDFD-62F7-2F46AA5C12A4&deviceId=6966574813691752&anid=
      Remote address:
      150.171.28.10:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=09292dc510434984ae7c41966d7c0229&localId=w:376360DD-BFBE-CDFD-62F7-2F46AA5C12A4&deviceId=6966574813691752&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=17ED81AA510D66D81313942450866725
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=z_X4NHp6nReXnkowLUtZFCO1SqhK6HjZcJOjijDtFAg; domain=.bing.com; expires=Fri, 06-Mar-2026 14:24:13 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: E43EFDC24A0E4D58BA5F39B831D07DE1 Ref B: FRA31EDGE0511 Ref C: 2025-02-09T14:24:13Z
      date: Sun, 09 Feb 2025 14:24:12 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=09292dc510434984ae7c41966d7c0229&localId=w:376360DD-BFBE-CDFD-62F7-2F46AA5C12A4&deviceId=6966574813691752&anid=
      Remote address:
      150.171.28.10:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=09292dc510434984ae7c41966d7c0229&localId=w:376360DD-BFBE-CDFD-62F7-2F46AA5C12A4&deviceId=6966574813691752&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=17ED81AA510D66D81313942450866725; MSPTC=z_X4NHp6nReXnkowLUtZFCO1SqhK6HjZcJOjijDtFAg
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 5EBFFF9678E64BABB0C44A44A8D0C1DB Ref B: FRA31EDGE0511 Ref C: 2025-02-09T14:24:20Z
      date: Sun, 09 Feb 2025 14:24:20 GMT
    • flag-us
      DNS
      msedge.api.cdp.microsoft.com
      Remote address:
      8.8.8.8:53
      Request
      msedge.api.cdp.microsoft.com
      IN A
      Response
      msedge.api.cdp.microsoft.com
      IN CNAME
      api.cdp.microsoft.com
      api.cdp.microsoft.com
      IN CNAME
      glb.api.prod.dcat.dsp.trafficmanager.net
      glb.api.prod.dcat.dsp.trafficmanager.net
      IN A
      172.169.87.222
    • flag-us
      POST
      https://msedge.api.cdp.microsoft.com/api/v2/contents/Browser/namespaces/Default/names?action=batchupdates
      Remote address:
      172.169.87.222:443
      Request
      POST /api/v2/contents/Browser/namespaces/Default/names?action=batchupdates HTTP/2.0
      host: msedge.api.cdp.microsoft.com
      cache-control: no-cache
      pragma: no-cache
      content-type: application/json
      user-agent: Microsoft Edge Update/1.3.195.43;winhttp
      x-old-uid: {F07F94AD-2D61-421C-9371-9D3F6EAA16CE}; age=-1; cnt=2
      ms-correlationid: {1088E43A-E8B0-4422-952B-BDBBEA97F3ED}
      ms-requestid: {B9BBC977-A355-4130-B16C-5778D90FBC0C}
      ms-cv: OuSIELDoIkSVK7276pfz7Q.0
      x-last-hr: 0x0
      x-last-http-status-code: 0
      x-retry-count: 0
      x-http-attempts: 1
      content-length: 2540
      Response
      HTTP/2.0 200
      content-type: text/plain; charset=utf-8
      content-type: application/json; charset=utf-8
      date: Sun, 09 Feb 2025 14:24:35 GMT
      content-length: 298
      ms-correlationid: 1088e43a-e8b0-4422-952b-bdbbea97f3ed
      ms-requestid: b9bbc977-a355-4130-b16c-5778d90fbc0c
      ms-cv: {1088E43A-E8B0-4422-952B-BDBBEA97F3ED}.0
    • flag-us
      POST
      https://msedge.api.cdp.microsoft.com/api/v1.1/internal/contents/Browser/namespaces/Default/names/msedge-stable-win-x64/versions/132.0.2957.140/files?action=GenerateDownloadInfo&foregroundPriority=false
      Remote address:
      172.169.87.222:443
      Request
      POST /api/v1.1/internal/contents/Browser/namespaces/Default/names/msedge-stable-win-x64/versions/132.0.2957.140/files?action=GenerateDownloadInfo&foregroundPriority=false HTTP/2.0
      host: msedge.api.cdp.microsoft.com
      cache-control: no-cache
      pragma: no-cache
      content-type: application/json
      user-agent: Microsoft Edge Update/1.3.195.43;winhttp
      x-old-uid: {F07F94AD-2D61-421C-9371-9D3F6EAA16CE}; age=-1; cnt=2
      ms-correlationid: {1088E43A-E8B0-4422-952B-BDBBEA97F3ED}
      ms-requestid: {3705F97A-9F9D-4530-8885-4BE8D686947B}
      ms-cv: OuSIELDoIkSVK7276pfz7Q.1
      x-last-hr: 0x0
      x-last-http-status-code: 0
      x-retry-count: 0
      x-http-attempts: 1
      content-length: 2
      Response
      HTTP/2.0 200
      content-type: text/plain; charset=utf-8
      content-type: application/json; charset=utf-8
      date: Sun, 09 Feb 2025 14:24:36 GMT
      content-length: 5365
      ms-correlationid: 1088e43a-e8b0-4422-952b-bdbbea97f3ed
      ms-requestid: 3705f97a-9f9d-4530-8885-4be8d686947b
      ms-cv: {1088E43A-E8B0-4422-952B-BDBBEA97F3ED}.0
    • flag-us
      DNS
      msedge.b.tlu.dl.delivery.mp.microsoft.com
      Remote address:
      8.8.8.8:53
      Request
      msedge.b.tlu.dl.delivery.mp.microsoft.com
      IN A
      Response
      msedge.b.tlu.dl.delivery.mp.microsoft.com
      IN CNAME
      star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com
      star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com
      IN CNAME
      cdp-f-tlu-net.trafficmanager.net
      cdp-f-tlu-net.trafficmanager.net
      IN CNAME
      fg.microsoft.map.fastly.net
      fg.microsoft.map.fastly.net
      IN A
      199.232.210.172
      fg.microsoft.map.fastly.net
      IN A
      199.232.214.172
    • flag-us
      HEAD
      http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739715876&P2=404&P3=2&P4=Rm1YBQQ0ISYm%2fFXIwFEDQyUbhv6BtXzG4DNSWPu0T5Lcc9lAxQolU0p82INdzqw60i0f87lvUe3i9ZUEU3krfw%3d%3d
      Remote address:
      199.232.210.172:80
      Request
      HEAD /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739715876&P2=404&P3=2&P4=Rm1YBQQ0ISYm%2fFXIwFEDQyUbhv6BtXzG4DNSWPu0T5Lcc9lAxQolU0p82INdzqw60i0f87lvUe3i9ZUEU3krfw%3d%3d HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      Accept-Encoding: identity
      User-Agent: Microsoft BITS/7.8
      X-Old-UID: {F07F94AD-2D61-421C-9371-9D3F6EAA16CE}; age=-1; cnt=2
      X-Last-HR: 0x80070422
      X-Last-HTTP-Status-Code: 500
      X-Retry-Count: 0
      X-HTTP-Attempts: 2
      Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
      Response
      HTTP/1.1 200 OK
      Connection: keep-alive
      Content-Length: 177180216
      Cache-Control: public, max-age=17280000
      Content-Type: application/octet-stream
      MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
      MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
      MS-CV: y9dBBsu9vkmE74iU.0
      Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
      ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
      Accept-Ranges: bytes
      Date: Sun, 09 Feb 2025 14:24:46 GMT
      Via: 1.1 varnish
      Age: 829861
      X-Served-By: cache-lon4249-LON
      X-Cache: HIT
      X-Cache-Hits: 2079
      X-Timer: S1739111086.387871,VS0,VE0
      X-CID: 3
      X-CCC: GB
    • flag-us
      GET
      http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739715876&P2=404&P3=2&P4=Rm1YBQQ0ISYm%2fFXIwFEDQyUbhv6BtXzG4DNSWPu0T5Lcc9lAxQolU0p82INdzqw60i0f87lvUe3i9ZUEU3krfw%3d%3d
      Remote address:
      199.232.210.172:80
      Request
      GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739715876&P2=404&P3=2&P4=Rm1YBQQ0ISYm%2fFXIwFEDQyUbhv6BtXzG4DNSWPu0T5Lcc9lAxQolU0p82INdzqw60i0f87lvUe3i9ZUEU3krfw%3d%3d HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      Accept-Encoding: identity
      If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
      Range: bytes=0-1119
      User-Agent: Microsoft BITS/7.8
      X-Old-UID: {F07F94AD-2D61-421C-9371-9D3F6EAA16CE}; age=-1; cnt=2
      X-Last-HR: 0x80070422
      X-Last-HTTP-Status-Code: 500
      X-Retry-Count: 0
      X-HTTP-Attempts: 2
      Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
      Response
      HTTP/1.1 206 Partial Content
      Connection: keep-alive
      Content-Length: 1120
      Cache-Control: public, max-age=17280000
      Content-Type: application/octet-stream
      MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
      MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
      MS-CV: y9dBBsu9vkmE74iU.0
      Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
      ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
      Accept-Ranges: bytes
      Date: Sun, 09 Feb 2025 14:24:52 GMT
      Via: 1.1 varnish
      Age: 829867
      X-Served-By: cache-lon4249-LON
      X-Cache: HIT
      X-Cache-Hits: 2083
      X-Timer: S1739111092.496271,VS0,VE0
      X-CID: 3
      X-CCC: GB
      Content-Range: bytes 0-1119/177180216
    • flag-us
      GET
      http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739715876&P2=404&P3=2&P4=Rm1YBQQ0ISYm%2fFXIwFEDQyUbhv6BtXzG4DNSWPu0T5Lcc9lAxQolU0p82INdzqw60i0f87lvUe3i9ZUEU3krfw%3d%3d
      Remote address:
      199.232.210.172:80
      Request
      GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739715876&P2=404&P3=2&P4=Rm1YBQQ0ISYm%2fFXIwFEDQyUbhv6BtXzG4DNSWPu0T5Lcc9lAxQolU0p82INdzqw60i0f87lvUe3i9ZUEU3krfw%3d%3d HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      Accept-Encoding: identity
      If-Unmodified-Since: Thu, 30 Jan 2025 22:24:43 GMT
      Range: bytes=1120-1232
      User-Agent: Microsoft BITS/7.8
      X-Old-UID: {F07F94AD-2D61-421C-9371-9D3F6EAA16CE}; age=-1; cnt=2
      X-Last-HR: 0x80070422
      X-Last-HTTP-Status-Code: 500
      X-Retry-Count: 0
      X-HTTP-Attempts: 2
      Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
    • 150.171.28.10:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=09292dc510434984ae7c41966d7c0229&localId=w:376360DD-BFBE-CDFD-62F7-2F46AA5C12A4&deviceId=6966574813691752&anid=
      tls, http2
      3.7kB
      10.8kB
      30
      20

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=09292dc510434984ae7c41966d7c0229&localId=w:376360DD-BFBE-CDFD-62F7-2F46AA5C12A4&deviceId=6966574813691752&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=09292dc510434984ae7c41966d7c0229&localId=w:376360DD-BFBE-CDFD-62F7-2F46AA5C12A4&deviceId=6966574813691752&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=09292dc510434984ae7c41966d7c0229&localId=w:376360DD-BFBE-CDFD-62F7-2F46AA5C12A4&deviceId=6966574813691752&anid=

      HTTP Response

      204
    • 172.169.87.222:443
      https://msedge.api.cdp.microsoft.com/api/v1.1/internal/contents/Browser/namespaces/Default/names/msedge-stable-win-x64/versions/132.0.2957.140/files?action=GenerateDownloadInfo&foregroundPriority=false
      tls, http2
      6.2kB
      13.9kB
      27
      20

      HTTP Request

      POST https://msedge.api.cdp.microsoft.com/api/v2/contents/Browser/namespaces/Default/names?action=batchupdates

      HTTP Response

      200

      HTTP Request

      POST https://msedge.api.cdp.microsoft.com/api/v1.1/internal/contents/Browser/namespaces/Default/names/msedge-stable-win-x64/versions/132.0.2957.140/files?action=GenerateDownloadInfo&foregroundPriority=false

      HTTP Response

      200
    • 199.232.210.172:80
      http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739715876&P2=404&P3=2&P4=Rm1YBQQ0ISYm%2fFXIwFEDQyUbhv6BtXzG4DNSWPu0T5Lcc9lAxQolU0p82INdzqw60i0f87lvUe3i9ZUEU3krfw%3d%3d
      http
      5.7kB
      3.8kB
      15
      7

      HTTP Request

      HEAD http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739715876&P2=404&P3=2&P4=Rm1YBQQ0ISYm%2fFXIwFEDQyUbhv6BtXzG4DNSWPu0T5Lcc9lAxQolU0p82INdzqw60i0f87lvUe3i9ZUEU3krfw%3d%3d

      HTTP Response

      200

      HTTP Request

      GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739715876&P2=404&P3=2&P4=Rm1YBQQ0ISYm%2fFXIwFEDQyUbhv6BtXzG4DNSWPu0T5Lcc9lAxQolU0p82INdzqw60i0f87lvUe3i9ZUEU3krfw%3d%3d

      HTTP Response

      206

      HTTP Request

      GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739715876&P2=404&P3=2&P4=Rm1YBQQ0ISYm%2fFXIwFEDQyUbhv6BtXzG4DNSWPu0T5Lcc9lAxQolU0p82INdzqw60i0f87lvUe3i9ZUEU3krfw%3d%3d
    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
      148 B
      1
      1

      DNS Request

      g.bing.com

      DNS Response

      150.171.28.10
      150.171.27.10

    • 8.8.8.8:53
      msedge.api.cdp.microsoft.com
      dns
      74 B
      158 B
      1
      1

      DNS Request

      msedge.api.cdp.microsoft.com

      DNS Response

      172.169.87.222

    • 8.8.8.8:53
      msedge.b.tlu.dl.delivery.mp.microsoft.com
      dns
      87 B
      266 B
      1
      1

      DNS Request

      msedge.b.tlu.dl.delivery.mp.microsoft.com

      DNS Response

      199.232.210.172
      199.232.214.172

    MITRE ATT&CK Enterprise v15
