
Analysis

  • max time kernel
    187s
  • max time network
    165s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20230915-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    14/10/2023, 22:17 UTC

General

  • Target

    ada4e2d4db707b2993757fcfe9a42dd1484cd81a9dcabfce593652700d5000e8.exe

  • Size

    3.4MB

  • MD5

    13899b6d5f53870fbc91f21816cd71cf

  • SHA1

    ad749dd657e1e153f4daba64c1a7664c230e17ae

  • SHA256

    ada4e2d4db707b2993757fcfe9a42dd1484cd81a9dcabfce593652700d5000e8

  • SHA512

    3e707c26aa78d22261ca0f86d9f6802f22df81022b32cb93db9b56352d046e6ac18d514cb5583bca44bdf6ae578a14956dd7109a49bd40501ab8ee14be333964

  • SSDEEP

    49152:TevyHt8vnzLe5305uqs82SEg2N9yxuoAcgSpePhm0eNSIkZPlgivvIPHZT5d5LhP:Tev6MvU30Ls8j2N9yUdlgiZdi1pq57Yv

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (1 IoC)
  • Enumerates connected drives (3 TTPs, 1 IoC)

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Suspicious behavior: EnumeratesProcesses (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\ada4e2d4db707b2993757fcfe9a42dd1484cd81a9dcabfce593652700d5000e8.exe
    "C:\Users\Admin\AppData\Local\Temp\ada4e2d4db707b2993757fcfe9a42dd1484cd81a9dcabfce593652700d5000e8.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • Writes to the Master Boot Record (MBR)
    • Suspicious behavior: EnumeratesProcesses
    PID:2128

Network

  • flag-us
    DNS
    22.160.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    22.160.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    8.3.197.209.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.3.197.209.in-addr.arpa
    IN PTR
    Response
    8.3.197.209.in-addr.arpa
    IN PTR
    vip0x008map2sslhwcdnnet
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    241.154.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.154.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    29.81.57.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    29.81.57.23.in-addr.arpa
    IN PTR
    Response
    29.81.57.23.in-addr.arpa
    IN PTR
    a23-57-81-29deploystaticakamaitechnologiescom
  • flag-us
    DNS
    57.169.31.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    57.169.31.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    down.pc.yyb.qq.com
    ada4e2d4db707b2993757fcfe9a42dd1484cd81a9dcabfce593652700d5000e8.exe
    Remote address:
    8.8.8.8:53
    Request
    down.pc.yyb.qq.com
    IN A
    Response
    down.pc.yyb.qq.com
    IN CNAME
    down.pc.yyb.qq.com.cdn.dnsv1.com.cn
    down.pc.yyb.qq.com.cdn.dnsv1.com.cn
    IN CNAME
    iwnq1z8u.sched.dma.tdnsdl1.cn
    iwnq1z8u.sched.dma.tdnsdl1.cn
    IN A
    116.153.64.103
    iwnq1z8u.sched.dma.tdnsdl1.cn
    IN A
    36.249.92.207
    iwnq1z8u.sched.dma.tdnsdl1.cn
    IN A
    116.153.90.68
    iwnq1z8u.sched.dma.tdnsdl1.cn
    IN A
    116.153.64.183
    iwnq1z8u.sched.dma.tdnsdl1.cn
    IN A
    116.153.90.58
    iwnq1z8u.sched.dma.tdnsdl1.cn
    IN A
    116.153.64.78
    iwnq1z8u.sched.dma.tdnsdl1.cn
    IN A
    211.90.133.135
    iwnq1z8u.sched.dma.tdnsdl1.cn
    IN A
    221.204.165.214
    iwnq1z8u.sched.dma.tdnsdl1.cn
    IN A
    116.153.90.115
    iwnq1z8u.sched.dma.tdnsdl1.cn
    IN A
    111.206.187.78
    iwnq1z8u.sched.dma.tdnsdl1.cn
    IN A
    36.249.92.212
    iwnq1z8u.sched.dma.tdnsdl1.cn
    IN A
    116.153.90.78
    iwnq1z8u.sched.dma.tdnsdl1.cn
    IN A
    221.204.165.234
  • flag-us
    DNS
    oth.eve.mdt.qq.com
    ada4e2d4db707b2993757fcfe9a42dd1484cd81a9dcabfce593652700d5000e8.exe
    Remote address:
    8.8.8.8:53
    Request
    oth.eve.mdt.qq.com
    IN A
    Response
    oth.eve.mdt.qq.com
    IN CNAME
    ins-5776sx9h.ias.tencent-cloud.net
    ins-5776sx9h.ias.tencent-cloud.net
    IN A
    101.33.47.206
    ins-5776sx9h.ias.tencent-cloud.net
    IN A
    101.33.47.68
  • flag-us
    DNS
    master.etl.desktop.qq.com
    ada4e2d4db707b2993757fcfe9a42dd1484cd81a9dcabfce593652700d5000e8.exe
    Remote address:
    8.8.8.8:53
    Request
    master.etl.desktop.qq.com
    IN A
    Response
    master.etl.desktop.qq.com
    IN CNAME
    masterconn11.qq.com
    masterconn11.qq.com
    IN A
    157.255.4.39
  • flag-cn
    GET
    https://down.pc.yyb.qq.com/pc_yyb_sdk/pc_yyb_sdk.json
    ada4e2d4db707b2993757fcfe9a42dd1484cd81a9dcabfce593652700d5000e8.exe
    Remote address:
    116.153.64.103:443
    Request
    GET /pc_yyb_sdk/pc_yyb_sdk.json HTTP/1.1
    Connection: Keep-Alive
    User-Agent: TGBDownloader
    Host: down.pc.yyb.qq.com
    Response
    HTTP/1.1 200 OK
    Last-Modified: Tue, 19 Sep 2023 03:54:04 GMT
    Etag: "b2c1f18ddd11b1456428157840b178ab"
    Content-Type: application/json
    Date: Tue, 19 Sep 2023 06:04:39 GMT
    Server: tencent-cos
    Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
    x-cos-hash-crc64ecma: 17754009210743881274
    x-cos-request-id: NjUwOTM5ZjdfYzQ1NGI1MDlfZDU1OV8xNjg0ODYz
    Content-Length: 138
    Accept-Ranges: bytes
    X-NWS-LOG-UUID: 13821167210714483650
    Connection: keep-alive
    X-Cache-Lookup: Cache Hit
  • flag-cn
    GET
    https://down.pc.yyb.qq.com/xy/yyb_management_system/DP1cIBZN.zip
    ada4e2d4db707b2993757fcfe9a42dd1484cd81a9dcabfce593652700d5000e8.exe
    Remote address:
    116.153.64.103:443
    Request
    GET /xy/yyb_management_system/DP1cIBZN.zip HTTP/1.1
    Connection: Keep-Alive
    User-Agent: TGBDownloader
    Host: down.pc.yyb.qq.com
    Response
    HTTP/1.1 200 OK
    Last-Modified: Tue, 19 Sep 2023 03:46:16 GMT
    Etag: "27b35dff356e73016ee962a31c0df507"
    Content-Type: application/x-zip-compressed
    Date: Tue, 19 Sep 2023 05:18:41 GMT
    Server: tencent-cos
    Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
    x-cos-hash-crc64ecma: 2311534791810103252
    x-cos-request-id: NjUwOTJmMzFfYzUyZmFiMDlfNDRlXzE2N2U3NTg=
    Content-Length: 4982837
    Accept-Ranges: bytes
    X-NWS-LOG-UUID: 6220795941741725197
    Connection: keep-alive
    X-Cache-Lookup: Cache Hit
  • flag-us
    DNS
    206.47.33.101.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.47.33.101.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    39.4.255.157.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    39.4.255.157.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    103.64.153.116.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    103.64.153.116.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301031_1USZWHXG9N9DXQDDC&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301031_1USZWHXG9N9DXQDDC&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 345904
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: E8EDFF576AEB44B28174894FF118E19E Ref B: AMS04EDGE2321 Ref C: 2023-10-14T22:18:41Z
    date: Sat, 14 Oct 2023 22:18:41 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317300937_1HHU6SR72RIO6JU61&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317300937_1HHU6SR72RIO6JU61&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 360487
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: E7E12AF507074947896CEADB0786704B Ref B: AMS04EDGE2321 Ref C: 2023-10-14T22:18:41Z
    date: Sat, 14 Oct 2023 22:18:41 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301464_1CE37Y0LCXUHN5MGE&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301464_1CE37Y0LCXUHN5MGE&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 467039
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 98815642D08546B986A25D6822A9F517 Ref B: AMS04EDGE2321 Ref C: 2023-10-14T22:18:41Z
    date: Sat, 14 Oct 2023 22:18:41 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301370_1WTDA3QMJSZ92RY3W&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301370_1WTDA3QMJSZ92RY3W&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 373128
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: E231D49E0F734067BE42E7B818FF4D19 Ref B: AMS04EDGE2321 Ref C: 2023-10-14T22:18:41Z
    date: Sat, 14 Oct 2023 22:18:41 GMT
  • flag-us
    DNS
    158.240.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    158.240.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    13.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    208.194.73.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    208.194.73.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    88.16.208.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.16.208.104.in-addr.arpa
    IN PTR
    Response
  • 101.33.47.206:8081
    oth.eve.mdt.qq.com
    ada4e2d4db707b2993757fcfe9a42dd1484cd81a9dcabfce593652700d5000e8.exe
    1.3kB
    124 B
    5
    3
  • 101.33.47.206:8081
    oth.eve.mdt.qq.com
    ada4e2d4db707b2993757fcfe9a42dd1484cd81a9dcabfce593652700d5000e8.exe
    1.2kB
    132 B
    5
    3
  • 101.33.47.206:8081
    oth.eve.mdt.qq.com
    ada4e2d4db707b2993757fcfe9a42dd1484cd81a9dcabfce593652700d5000e8.exe
    1.2kB
    434 B
    5
    5
  • 157.255.4.39:443
    master.etl.desktop.qq.com
    https
    ada4e2d4db707b2993757fcfe9a42dd1484cd81a9dcabfce593652700d5000e8.exe
    574 B
    192 B
    6
    4
  • 116.153.64.103:443
    https://down.pc.yyb.qq.com/xy/yyb_management_system/DP1cIBZN.zip
    tls, http
    ada4e2d4db707b2993757fcfe9a42dd1484cd81a9dcabfce593652700d5000e8.exe
    130.4kB
    5.1MB
    2336
    3689

    HTTP Request

    GET https://down.pc.yyb.qq.com/pc_yyb_sdk/pc_yyb_sdk.json

    HTTP Response

    200

    HTTP Request

    GET https://down.pc.yyb.qq.com/xy/yyb_management_system/DP1cIBZN.zip

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.3kB
    16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.2kB
    16
    13
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301370_1WTDA3QMJSZ92RY3W&pid=21.2&w=1080&h=1920&c=4
    tls, http2
    59.6kB
    1.6MB
    1174
    1171

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301031_1USZWHXG9N9DXQDDC&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317300937_1HHU6SR72RIO6JU61&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301464_1CE37Y0LCXUHN5MGE&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301370_1WTDA3QMJSZ92RY3W&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.3kB
    16
    14
  • 101.33.47.206:8081
    oth.eve.mdt.qq.com
    ada4e2d4db707b2993757fcfe9a42dd1484cd81a9dcabfce593652700d5000e8.exe
    1.2kB
    426 B
    5
    5
  • 101.33.47.206:8081
    oth.eve.mdt.qq.com
    ada4e2d4db707b2993757fcfe9a42dd1484cd81a9dcabfce593652700d5000e8.exe
    1.2kB
    434 B
    5
    5
  • 101.33.47.206:8081
    oth.eve.mdt.qq.com
    ada4e2d4db707b2993757fcfe9a42dd1484cd81a9dcabfce593652700d5000e8.exe
    1.2kB
    426 B
    5
    5
  • 8.8.8.8:53
    22.160.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    22.160.190.20.in-addr.arpa

  • 8.8.8.8:53
    8.3.197.209.in-addr.arpa
    dns
    70 B
    111 B
    1
    1

    DNS Request

    8.3.197.209.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    241.154.82.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    241.154.82.20.in-addr.arpa

  • 8.8.8.8:53
    29.81.57.23.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    29.81.57.23.in-addr.arpa

  • 8.8.8.8:53
    57.169.31.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    57.169.31.20.in-addr.arpa

  • 8.8.8.8:53
    down.pc.yyb.qq.com
    dns
    ada4e2d4db707b2993757fcfe9a42dd1484cd81a9dcabfce593652700d5000e8.exe
    64 B
    362 B
    1
    1

    DNS Request

    down.pc.yyb.qq.com

    DNS Response

    116.153.64.103
    36.249.92.207
    116.153.90.68
    116.153.64.183
    116.153.90.58
    116.153.64.78
    211.90.133.135
    221.204.165.214
    116.153.90.115
    111.206.187.78
    36.249.92.212
    116.153.90.78
    221.204.165.234

  • 8.8.8.8:53
    oth.eve.mdt.qq.com
    dns
    ada4e2d4db707b2993757fcfe9a42dd1484cd81a9dcabfce593652700d5000e8.exe
    64 B
    144 B
    1
    1

    DNS Request

    oth.eve.mdt.qq.com

    DNS Response

    101.33.47.206
    101.33.47.68

  • 8.8.8.8:53
    master.etl.desktop.qq.com
    dns
    ada4e2d4db707b2993757fcfe9a42dd1484cd81a9dcabfce593652700d5000e8.exe
    71 B
    114 B
    1
    1

    DNS Request

    master.etl.desktop.qq.com

    DNS Response

    157.255.4.39

  • 8.8.8.8:53
    206.47.33.101.in-addr.arpa
    dns
    72 B
    129 B
    1
    1

    DNS Request

    206.47.33.101.in-addr.arpa

  • 8.8.8.8:53
    39.4.255.157.in-addr.arpa
    dns
    71 B
    126 B
    1
    1

    DNS Request

    39.4.255.157.in-addr.arpa

  • 8.8.8.8:53
    103.64.153.116.in-addr.arpa
    dns
    73 B
    132 B
    1
    1

    DNS Request

    103.64.153.116.in-addr.arpa

  • 8.8.8.8:53
    183.59.114.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    183.59.114.20.in-addr.arpa

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    26.35.223.20.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    173 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    158.240.127.40.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    158.240.127.40.in-addr.arpa

  • 8.8.8.8:53
    13.227.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    13.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    171.39.242.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    171.39.242.20.in-addr.arpa

  • 8.8.8.8:53
    208.194.73.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    208.194.73.20.in-addr.arpa

  • 8.8.8.8:53
    88.16.208.104.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    88.16.208.104.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Tencent\TxGameAssistant\TGBDownloader\dr.dll

    Filesize

    74KB

    MD5

    2814acbd607ba47bdbcdf6ac3076ee95

    SHA1

    50ab892071bed2bb2365ca1d4bf5594e71c6b13b

    SHA256

    5904a7e4d97eeac939662c3638a0e145f64ff3dd0198f895c4bf0337595c6a67

    SHA512

    34c73014ffc8d38d6dd29f4f84c8f4f9ea971bc131f665f65b277f453504d5efc2d483a792cdea610c5e0544bf3997b132dcdbe37224912c5234c15cdb89d498
