Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

Wopti.v7.9...ab.dll

windows7-x64

1

Wopti.v7.9...ab.dll

windows10-2004-x64

3

Wopti.v7.9...ag.dll

windows7-x64

1

Wopti.v7.9...ag.dll

windows10-2004-x64

1

Wopti.v7.9...ta.dll

windows7-x64

1

Wopti.v7.9...ta.dll

windows10-2004-x64

1

Wopti.v7.9...ct.sys

windows7-x64

1

Wopti.v7.9...ct.sys

windows10-2004-x64

1

Wopti.v7.9...2P.dll

windows7-x64

1

Wopti.v7.9...2P.dll

windows10-2004-x64

3

Wopti.v7.9...es.exe

windows7-x64

7

Wopti.v7.9...es.exe

windows10-2004-x64

7

Wopti.v7.9...be.dll

windows7-x64

1

Wopti.v7.9...be.dll

windows10-2004-x64

1

Wopti.v7.9...��.url

windows7-x64

1

Wopti.v7.9...��.url

windows10-2004-x64

1

Wopti.v7.9...��.exe

windows7-x64

7

Wopti.v7.9...��.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/07/2024, 11:46 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Wopti.v7.91.Build.9.115.By.MyCrack/WoptiUtilities.exe

  • Size

    2.1MB

  • MD5

    aacdb052b4adfc3e570a7a6619719c58

  • SHA1

    028f5442c31a29f19cf837d0818d89f7d933e167

  • SHA256

    81b87dd0a52d81cc0426dce1c26e9db39073bb28389ab24c0ec12ac4756c4c06

  • SHA512

    f67e01fae7efc63852756a92815b313070bf2bbad63bc3b743e8f63b7532afb14205be0061f225249d88814b2c363077f8ecc9cfdf269ab188a3f69c1f2e33e7

  • SSDEEP

    24576:kMguKLQHQ4rCdAZBG7N6wCRGTwjsOWsCMPqWJuOBveeBrv9KDxb020B9HEihsKmr:kMRBTnqN6wCREXpeJm2EiQ94nt7/q5

Score
7/10
bootkitpersistence

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 24 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 10 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Wopti.v7.91.Build.9.115.By.MyCrack\WoptiUtilities.exe
    "C:\Users\Admin\AppData\Local\Temp\Wopti.v7.91.Build.9.115.By.MyCrack\WoptiUtilities.exe"
    1⤵
    • Checks BIOS information in registry
    • Enumerates connected drives
    • Writes to the Master Boot Record (MBR)
    • Checks SCSI registry key(s)
    • Modifies Internet Explorer settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2632
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /C C:\Users\Admin\AppData\Local\Temp\romC6F9.tmp.exe > C:\Users\Admin\AppData\Local\Temp\romC6F9.tmp
      2⤵
        PID:1600
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x2c8 0x4ec
      1⤵
        PID:5444

      Network

      • flag-us
        DNS
        241.150.49.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        241.150.49.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        172.214.232.199.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        172.214.232.199.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
        Response
        g.bing.com
        IN CNAME
        g-bing-com.dual-a-0034.a-msedge.net
        g-bing-com.dual-a-0034.a-msedge.net
        IN CNAME
        dual-a-0034.a-msedge.net
        dual-a-0034.a-msedge.net
        IN A
        13.107.21.237
        dual-a-0034.a-msedge.net
        IN A
        204.79.197.237
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=fcb4918325b74af0964e14685268be41&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid=
        Remote address:
        13.107.21.237:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=fcb4918325b74af0964e14685268be41&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MUID=04971CB6AB026CB81B900877AAE26DA3; domain=.bing.com; expires=Wed, 13-Aug-2025 11:46:59 GMT; path=/; SameSite=None; Secure; Priority=High;
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: D49272A3A8E7493982C9AEF73B0D3756 Ref B: LON04EDGE1119 Ref C: 2024-07-19T11:46:59Z
        date: Fri, 19 Jul 2024 11:46:58 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=fcb4918325b74af0964e14685268be41&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid=
        Remote address:
        13.107.21.237:443
        Request
        GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=fcb4918325b74af0964e14685268be41&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=04971CB6AB026CB81B900877AAE26DA3
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MSPTC=JMIzLjaFBkL8ZsQVeiN-20YwP8y4e4aEZBQpLEQgK60; domain=.bing.com; expires=Wed, 13-Aug-2025 11:46:59 GMT; path=/; Partitioned; secure; SameSite=None
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 02946AC2A0864A479A8127998A3B6609 Ref B: LON04EDGE1119 Ref C: 2024-07-19T11:46:59Z
        date: Fri, 19 Jul 2024 11:46:58 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=fcb4918325b74af0964e14685268be41&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid=
        Remote address:
        13.107.21.237:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=fcb4918325b74af0964e14685268be41&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=04971CB6AB026CB81B900877AAE26DA3; MSPTC=JMIzLjaFBkL8ZsQVeiN-20YwP8y4e4aEZBQpLEQgK60
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: C0A7E08863F046949BC6FE2F96119946 Ref B: LON04EDGE1119 Ref C: 2024-07-19T11:46:59Z
        date: Fri, 19 Jul 2024 11:46:58 GMT
      • flag-us
        DNS
        237.21.107.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        237.21.107.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        20.160.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        20.160.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        s1.wopti.net
        WoptiUtilities.exe
        Remote address:
        8.8.8.8:53
        Request
        s1.wopti.net
        IN A
        Response
      • flag-us
        DNS
        196.249.167.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        196.249.167.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        103.169.127.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        103.169.127.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        18.31.95.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        18.31.95.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        172.210.232.199.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        172.210.232.199.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        43.58.199.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        43.58.199.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        21.236.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        21.236.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        21.236.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        21.236.111.52.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
        Response
        tse1.mm.bing.net
        IN CNAME
        mm-mm.bing.net.trafficmanager.net
        mm-mm.bing.net.trafficmanager.net
        IN CNAME
        ax-0001.ax-msedge.net
        ax-0001.ax-msedge.net
        IN A
        150.171.28.10
        ax-0001.ax-msedge.net
        IN A
        150.171.27.10
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301209_1YG8XJG78E6WL3S49&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        Remote address:
        150.171.28.10:443
        Request
        GET /th?id=OADD2.10239317301209_1YG8XJG78E6WL3S49&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 532229
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 3115F8DD281B4E608AE5A953D994C445 Ref B: LON04EDGE0916 Ref C: 2024-07-19T11:48:36Z
        date: Fri, 19 Jul 2024 11:48:35 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239340418547_1N5DXBL93QHFGMSRD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        Remote address:
        150.171.28.10:443
        Request
        GET /th?id=OADD2.10239340418547_1N5DXBL93QHFGMSRD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 554838
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: F772CFAF09364177AB979A2976335E65 Ref B: LON04EDGE0916 Ref C: 2024-07-19T11:48:36Z
        date: Fri, 19 Jul 2024 11:48:35 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301060_1R4MHRP0LUJX09GMU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        Remote address:
        150.171.28.10:443
        Request
        GET /th?id=OADD2.10239317301060_1R4MHRP0LUJX09GMU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 761871
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 489CE8C4CD1A4A94882AFA64B05704F6 Ref B: LON04EDGE0916 Ref C: 2024-07-19T11:48:36Z
        date: Fri, 19 Jul 2024 11:48:35 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301493_1LBG6KMWNFIA52WWP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        Remote address:
        150.171.28.10:443
        Request
        GET /th?id=OADD2.10239317301493_1LBG6KMWNFIA52WWP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 665717
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 3DD753A0EDE741A288E6D603CB51DCBB Ref B: LON04EDGE0916 Ref C: 2024-07-19T11:48:36Z
        date: Fri, 19 Jul 2024 11:48:35 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239340418548_1UEU8RPM3S7H7G0D8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        Remote address:
        150.171.28.10:443
        Request
        GET /th?id=OADD2.10239340418548_1UEU8RPM3S7H7G0D8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 458468
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: DE86AE7E4B0C495389EFE9F03C3D0330 Ref B: LON04EDGE0916 Ref C: 2024-07-19T11:48:36Z
        date: Fri, 19 Jul 2024 11:48:35 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301618_18EK60OU3ULIWMD9V&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        Remote address:
        150.171.28.10:443
        Request
        GET /th?id=OADD2.10239317301618_18EK60OU3ULIWMD9V&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 910935
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 079EA4FC8438434EA0B117FF08A8A347 Ref B: LON04EDGE0916 Ref C: 2024-07-19T11:48:36Z
        date: Fri, 19 Jul 2024 11:48:35 GMT
      • flag-us
        DNS
        88.156.103.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        88.156.103.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        10.28.171.150.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        10.28.171.150.in-addr.arpa
        IN PTR
        Response
      • 13.107.21.237:443
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=fcb4918325b74af0964e14685268be41&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid=
        tls, http2
        2.0kB
         9.3kB
         21
        19

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=fcb4918325b74af0964e14685268be41&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=fcb4918325b74af0964e14685268be41&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=fcb4918325b74af0964e14685268be41&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid=

        HTTP Response

        204
      • 52.111.236.22:443
        322 B
         7
      • 150.171.28.10:443
        https://tse1.mm.bing.net/th?id=OADD2.10239317301618_18EK60OU3ULIWMD9V&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        tls, http2
        141.0kB
         4.0MB
         2926
        2921

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301209_1YG8XJG78E6WL3S49&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239340418547_1N5DXBL93QHFGMSRD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301060_1R4MHRP0LUJX09GMU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301493_1LBG6KMWNFIA52WWP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239340418548_1UEU8RPM3S7H7G0D8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

        HTTP Response

        200

        HTTP Response

        200

        HTTP Response

        200

        HTTP Response

        200

        HTTP Response

        200

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301618_18EK60OU3ULIWMD9V&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

        HTTP Response

        200
      • 150.171.28.10:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
         6.9kB
         15
        13
      • 150.171.28.10:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
         6.9kB
         15
        13
      • 150.171.28.10:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
         6.9kB
         15
        13
      • 150.171.28.10:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
         6.9kB
         15
        13
      • 8.8.8.8:53
        241.150.49.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        241.150.49.20.in-addr.arpa

      • 8.8.8.8:53
        172.214.232.199.in-addr.arpa
        dns
        74 B
         128 B
         1
        1

        DNS Request

        172.214.232.199.in-addr.arpa

      • 8.8.8.8:53
        g.bing.com
        dns
        56 B
         151 B
         1
        1

        DNS Request

        g.bing.com

        DNS Response

        13.107.21.237
        204.79.197.237

      • 8.8.8.8:53
        237.21.107.13.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        237.21.107.13.in-addr.arpa

      • 8.8.8.8:53
        20.160.190.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        20.160.190.20.in-addr.arpa

      • 8.8.8.8:53
        s1.wopti.net
        dns
        WoptiUtilities.exe
        58 B
         111 B
         1
        1

        DNS Request

        s1.wopti.net

      • 8.8.8.8:53
        196.249.167.52.in-addr.arpa
        dns
        73 B
         147 B
         1
        1

        DNS Request

        196.249.167.52.in-addr.arpa

      • 8.8.8.8:53
        103.169.127.40.in-addr.arpa
        dns
        73 B
         147 B
         1
        1

        DNS Request

        103.169.127.40.in-addr.arpa

      • 8.8.8.8:53
        18.31.95.13.in-addr.arpa
        dns
        70 B
         144 B
         1
        1

        DNS Request

        18.31.95.13.in-addr.arpa

      • 8.8.8.8:53
        172.210.232.199.in-addr.arpa
        dns
        74 B
         128 B
         1
        1

        DNS Request

        172.210.232.199.in-addr.arpa

      • 8.8.8.8:53
        43.58.199.20.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        43.58.199.20.in-addr.arpa

      • 8.8.8.8:53
        21.236.111.52.in-addr.arpa
        dns
        144 B
         158 B
         2
        1

        DNS Request

        21.236.111.52.in-addr.arpa

        DNS Request

        21.236.111.52.in-addr.arpa

      • 8.8.8.8:53
        tse1.mm.bing.net
        dns
        62 B
         170 B
         1
        1

        DNS Request

        tse1.mm.bing.net

        DNS Response

        150.171.28.10
        150.171.27.10

      • 8.8.8.8:53
        88.156.103.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        88.156.103.20.in-addr.arpa

      • 8.8.8.8:53
        10.28.171.150.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        10.28.171.150.in-addr.arpa

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\Wopti.v7.91.Build.9.115.By.MyCrack\Devs.tmp
        Filesize

        819KB

        MD5

        fd256d9f54ba68c432aff9a36d43de35

        SHA1

        7820a28ab8d360886e84c2517275db2c0bfbed14

        SHA256

        1ff1f3a34752e9b4a71cbe189a29c2ac19fe7faa1c56076e76e271a55a44b47e

        SHA512

        e8069747f68032ef48afe80dec9edbdec8fc5ea041a894d751c9a8b65ee5eddec71d2495ef32c9f892a8c0f2ed501b3c4afa10f66a2ade7fb089bc284ed22c98

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Wopti.v7.91.Build.9.115.By.MyCrack\Set.ini
        Filesize

        22B

        MD5

        8526ab457074d902cb0840cde8db3956

        SHA1

        3faab54c0039e50b1606d462f8f38d49759ad9ff

        SHA256

        579ae99e25c7b8222acf14f5307224912dfca20f465be7a66485f729ad1f8077

        SHA512

        642c985ca4ac088e6bcafc4eb45e02f1b0bed2be405ad3d3cf1ee9e964da7c60a03ec0ea6ffe89f97646c63924e7bb6a053426b99dfc5f691bb3bb1e746b386f

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\romC6F9.tmp.exe
        Filesize

        240B

        MD5

        3359a9e4e97e802bf2269be93d360f62

        SHA1

        63dc0d559cb8dc86168d902489f92b65861376ef

        SHA256

        72b682830825f59cac469868288bb9a91a6674ebc0ff280108fbe76c714395ff

        SHA512

        c2396baa8c14b90634d3b04cdfcaebdadede8377b114e8528f1174e7fdc39cb19032458a894db52ba9f42589822557af48823636737657fda97ca6a325a11838

        Download Submit

      • memory/2632-3-0x0000000000A29000-0x0000000000A2A000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2632-4-0x0000000000400000-0x0000000000A2A000-memory.dmp

        Filesize

        6.2MB

        Download

      • memory/2632-5-0x0000000000400000-0x0000000000A2A000-memory.dmp

        Filesize

        6.2MB

        Download

      • memory/2632-0-0x0000000000400000-0x0000000000A2A000-memory.dmp

        Filesize

        6.2MB

        Download

      • memory/2632-2-0x0000000010000000-0x00000000100AD000-memory.dmp

        Filesize

        692KB

        Download

      • memory/2632-1-0x0000000001010000-0x0000000001077000-memory.dmp

        Filesize

        412KB

        Download

      • memory/2632-626-0x0000000001010000-0x0000000001077000-memory.dmp

        Filesize

        412KB

        Download

      • memory/2632-625-0x0000000010000000-0x00000000100AD000-memory.dmp

        Filesize

        692KB

        Download

      • memory/2632-624-0x0000000000400000-0x0000000000A2A000-memory.dmp

        Filesize

        6.2MB

        Download

      • memory/2632-630-0x0000000000A29000-0x0000000000A2A000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2632-627-0x0000000000400000-0x0000000000A2A000-memory.dmp

        Filesize

        6.2MB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.