Analysis

  • max time kernel
    410s
  • max time network
    485s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20250207-en
  • resource tags

    arch:x64, arch:x86, image:win10ltsc2021-20250207-en, locale:en-us, os:windows10-ltsc 2021-x64, system
  • submitted
    14/02/2025, 10:33 UTC

General

  • Target

    ProgramData/splayer/csfcodec/mpc_mcufilecu.dll

  • Size

    92KB

  • MD5

    ebc40e6239ac8f4f540707ee091dd30b

  • SHA1

    2f830b951a68ce9700ef7a47fa2d3be9db285643

  • SHA256

    2e551151c3fc7dc88a462f46bad62d8e2022ab6a7b3250da0eaa1d1bad81e1f3

  • SHA512

    891016940c2ba93fde6b78101c661dd70534c462183da6776873d8b08351431e76d60ab70b84d82e11b98ec6d7e5c6f8b25c421408187331b4346ef85c0dd351

  • SSDEEP

    1536:BRXoPAI/8ETdo2vH31ihB8uu8HCLOUXw5XZkwQwuFnsFjFUJipl6hh/llE+De:XXnI/8ETdtvHliLDcLw5aeXUJipl6D/e

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\payload.dll
    1⤵
      PID:3360
    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /c
      1⤵
      • System Location Discovery: System Language Discovery
      PID:2768
    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64-encoded payload omitted]
      1⤵
      • System Location Discovery: System Language Discovery
      • System Network Configuration Discovery: Internet Connection Discovery
      PID:2884
    • C:\Windows\SysWOW64\wermgr.exe
      "C:\Windows\system32\wermgr.exe" "-outproc" "0" "5096" "956" "928" "960" "0" "0" "0" "0" "0" "0" "0" "0"
      1⤵
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Enumerates system info in registry
      PID:2388

    Network

    • flag-us
      DNS
      fd.api.iris.microsoft.com
      Remote address:
      8.8.8.8:53
      Request
      fd.api.iris.microsoft.com
      IN A
      Response
      fd.api.iris.microsoft.com
      IN CNAME
      fd-api-iris.trafficmanager.net
      fd-api-iris.trafficmanager.net
      IN CNAME
      iris-de-prod-azsc-v2-neu-b.northeurope.cloudapp.azure.com
      iris-de-prod-azsc-v2-neu-b.northeurope.cloudapp.azure.com
      IN A
      20.223.36.55
    • flag-us
      DNS
      msedge.b.tlu.dl.delivery.mp.microsoft.com
      Remote address:
      8.8.8.8:53
      Request
      msedge.b.tlu.dl.delivery.mp.microsoft.com
      IN A
      Response
      msedge.b.tlu.dl.delivery.mp.microsoft.com
      IN CNAME
      star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com
      star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com
      IN CNAME
      cdp-f-tlu-net.trafficmanager.net
      cdp-f-tlu-net.trafficmanager.net
      IN CNAME
      wildcard.f.tlu.dl.delivery.mp.microsoft.com.edgesuite.net
      wildcard.f.tlu.dl.delivery.mp.microsoft.com.edgesuite.net
      IN CNAME
      a1847.dscd.akamai.net
      a1847.dscd.akamai.net
      IN A
      96.17.178.141
      a1847.dscd.akamai.net
      IN A
      96.17.178.199
    • flag-gb
      GET
      http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739873696&P2=404&P3=2&P4=DbG2NzFo4%2bfnBBt8ywQ4qJlnhvhW6ytWcyVU4mkKg5zN%2fmmD3tKInG4b5OvnJi%2bmqivX%2fkWjZ5%2bceBBN2Li%2fkQ%3d%3d
      Remote address:
      96.17.178.141:80
      Request
      GET /filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739873696&P2=404&P3=2&P4=DbG2NzFo4%2bfnBBt8ywQ4qJlnhvhW6ytWcyVU4mkKg5zN%2fmmD3tKInG4b5OvnJi%2bmqivX%2fkWjZ5%2bceBBN2Li%2fkQ%3d%3d HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      User-Agent: Microsoft Edge Update/1.3.195.43;winhttp
      X-Old-UID: {F89E2DBB-6EB6-4964-8571-0EF18F342C39}; age=-1; cnt=2
      X-Last-HR: 0x80072ee2
      X-Last-HTTP-Status-Code: 0
      X-Retry-Count: 1
      X-HTTP-Attempts: 6
      Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
      Response
      HTTP/1.1 200 OK
      Cache-Control: public, max-age=17280000
      Content-Type: application/octet-stream
      Accept-Ranges: bytes
      Server: Microsoft-IIS/10.0
      X-AspNetMvc-Version: 5.3
      MS-CorrelationId: 6f60f8cc-e39b-44d3-b4d4-339059ed8366
      MS-RequestId: c8e2eff3-3eeb-4f9c-9dc9-9aaf7fc8a933
      MS-CV: y9dBBsu9vkmE74iU.0
      X-AspNet-Version: 4.0.30319
      X-Powered-By: ASP.NET
      X-Powered-By: ARR/3.0
      X-Powered-By: ASP.NET
      Last-Modified: Thu, 30 Jan 2025 22:24:43 GMT
      ETag: "Zn30nCFs7P9yX7o9FILxqytRM2k="
      Content-Length: 177180216
      Date: Fri, 14 Feb 2025 10:48:44 GMT
      Connection: keep-alive
      X-CID: 2
      X-CCC: GB
    • 20.223.36.55:443
      fd.api.iris.microsoft.com
      tls
      966 B
      9.3kB
      12
      8
    • 91.80.49.22:80
      46 B
      1
    • 96.17.178.141:80
      http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739873696&P2=404&P3=2&P4=DbG2NzFo4%2bfnBBt8ywQ4qJlnhvhW6ytWcyVU4mkKg5zN%2fmmD3tKInG4b5OvnJi%2bmqivX%2fkWjZ5%2bceBBN2Li%2fkQ%3d%3d
      http
      6.0MB
      147.7MB
      88947
      105991

      HTTP Request

      GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0740036a-4e18-456d-96fa-d1d9c4ca4676?P1=1739873696&P2=404&P3=2&P4=DbG2NzFo4%2bfnBBt8ywQ4qJlnhvhW6ytWcyVU4mkKg5zN%2fmmD3tKInG4b5OvnJi%2bmqivX%2fkWjZ5%2bceBBN2Li%2fkQ%3d%3d

      HTTP Response

      200
    • 8.8.8.8:53
      fd.api.iris.microsoft.com
      dns
      71 B
      199 B
      1
      1

      DNS Request

      fd.api.iris.microsoft.com

      DNS Response

      20.223.36.55

    • 8.8.8.8:53
      msedge.b.tlu.dl.delivery.mp.microsoft.com
      dns
      87 B
      328 B
      1
      1

      DNS Request

      msedge.b.tlu.dl.delivery.mp.microsoft.com

      DNS Response

      96.17.178.141
      96.17.178.199

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

      Filesize

      887KB

      MD5

      e8ce73897e363d645fb1c84ccf84e2c4

      SHA1

      d9d56dd04e0a49ae6b4a262c05d0903e1ab9b4a7

      SHA256

      4a01f680b02b55fdb81b6910b36837da86491706227ec064a74bffe472dbb9bc

      SHA512

      3523a44531e105fa6af7d8b7299dd9fb75fe8ebcba1a392c596ec4c257d95ca4f8d7325e054a701e44986d4187172ca420a805df5093f7055d920b4370c67c0a
