dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2

Analysis

max time kernel
151s
max time network
151s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
30-03-2023 22:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe
Size

7.4MB
MD5

4177bfc4a2bfda127224e1a61142c48a
SHA1

6f23dc7b3a941ecca81a33979ac3cef871928753
SHA256

dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2
SHA512

fa22472fc23716cdc12e1ca33ec4a8df30d017bb526134c8893203695081beb7b6685e47b0f1f9d6cfcf2b0d92c125e30f892f6f1f2097543f1c7e39ae0d9028
SSDEEP

196608:4gpnM6kgXgiqpVxBsAkX6uKDAYm2iWa5s9xd5ceaUCtBf5t2o:4gogwiqYqg2TfzcexCtB+o

Score

7^/10

bootkit persistence

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

ComputerZService.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	ComputerZService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	ComputerZService.exe

Executes dropped EXE 2 IoCs

Processes:

360DrvMgr.exeComputerZService.exe

pid process

1748 360DrvMgr.exe
1828 ComputerZService.exe

pid	process
1748	360DrvMgr.exe
1828	ComputerZService.exe

Loads dropped DLL 21 IoCs

Processes:

dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe360DrvMgr.exeComputerZService.exeWerFault.exe

pid	process
1844	dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe
1748	360DrvMgr.exe
1748	360DrvMgr.exe
1748	360DrvMgr.exe
1748	360DrvMgr.exe
1748	360DrvMgr.exe
1748	360DrvMgr.exe
1748	360DrvMgr.exe
1748	360DrvMgr.exe
1748	360DrvMgr.exe
1828	ComputerZService.exe
1828	ComputerZService.exe
1828	ComputerZService.exe
1748	360DrvMgr.exe
1380	WerFault.exe
1380	WerFault.exe
1380	WerFault.exe
1380	WerFault.exe
1380	WerFault.exe
1828	ComputerZService.exe
1828	ComputerZService.exe

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

ComputerZService.exe

description	ioc	process
File opened (read-only)	\??\R:	ComputerZService.exe
File opened (read-only)	\??\S:	ComputerZService.exe
File opened (read-only)	\??\U:	ComputerZService.exe
File opened (read-only)	\??\F:	ComputerZService.exe
File opened (read-only)	\??\L:	ComputerZService.exe
File opened (read-only)	\??\J:	ComputerZService.exe
File opened (read-only)	\??\O:	ComputerZService.exe
File opened (read-only)	\??\P:	ComputerZService.exe
File opened (read-only)	\??\Q:	ComputerZService.exe
File opened (read-only)	\??\T:	ComputerZService.exe
File opened (read-only)	\??\V:	ComputerZService.exe
File opened (read-only)	\??\E:	ComputerZService.exe
File opened (read-only)	\??\G:	ComputerZService.exe
File opened (read-only)	\??\W:	ComputerZService.exe
File opened (read-only)	\??\X:	ComputerZService.exe
File opened (read-only)	\??\H:	ComputerZService.exe
File opened (read-only)	\??\I:	ComputerZService.exe
File opened (read-only)	\??\Y:	ComputerZService.exe
File opened (read-only)	\??\A:	ComputerZService.exe
File opened (read-only)	\??\B:	ComputerZService.exe
File opened (read-only)	\??\N:	ComputerZService.exe
File opened (read-only)	\??\Z:	ComputerZService.exe
File opened (read-only)	\??\K:	ComputerZService.exe
File opened (read-only)	\??\M:	ComputerZService.exe

Writes to the Master Boot Record (MBR) 1 TTPs 3 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

Processes:

360DrvMgr.exeComputerZService.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	360DrvMgr.exe
File opened for modification	\??\PhysicalDrive0	ComputerZService.exe
File opened for modification	\??\PHYSICALDRIVE0	360DrvMgr.exe

Drops file in Windows directory 2 IoCs

Processes:

ComputerZService.exe

description	ioc	process
File opened for modification	C:\Windows\	ComputerZService.exe
File opened for modification	C:\Windows\INF\setupapi.app.log	ComputerZService.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1380 1748 WerFault.exe 360DrvMgr.exe

pid	pid_target	process	target process
1380	1748	WerFault.exe	360DrvMgr.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

ComputerZService.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion	ComputerZService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosDate	ComputerZService.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	ComputerZService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate	ComputerZService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVendor	ComputerZService.exe

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

Processes:

360DrvMgr.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE\360DrvMgr.exe = "8000"	360DrvMgr.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main	360DrvMgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	360DrvMgr.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\360DrvMgr.exe = "8000"	360DrvMgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE	360DrvMgr.exe

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

ComputerZService.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c909000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c01400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e52000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	ComputerZService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e51d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af33313353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b060105050703030f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c92000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	ComputerZService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c909000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c01400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	ComputerZService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5	ComputerZService.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

360DrvMgr.exeComputerZService.exe

pid process

1748 360DrvMgr.exe
1828 ComputerZService.exe
1828 ComputerZService.exe
Suspicious behavior: LoadsDriver 2 IoCs

Processes:

pid process

468
468

pid	process
1748	360DrvMgr.exe
1828	ComputerZService.exe
1828	ComputerZService.exe

pid	process
468
468

Suspicious use of AdjustPrivilegeToken 27 IoCs

Processes:

ComputerZService.exe

description	pid	process
Token: SeIncBasePriorityPrivilege	1828	ComputerZService.exe
Token: SeRestorePrivilege	1828	ComputerZService.exe
Token: SeRestorePrivilege	1828	ComputerZService.exe
Token: SeRestorePrivilege	1828	ComputerZService.exe
Token: SeRestorePrivilege	1828	ComputerZService.exe
Token: SeRestorePrivilege	1828	ComputerZService.exe
Token: SeRestorePrivilege	1828	ComputerZService.exe
Token: SeRestorePrivilege	1828	ComputerZService.exe
Token: SeIncBasePriorityPrivilege	1828	ComputerZService.exe
Token: 33	1828	ComputerZService.exe
Token: SeIncBasePriorityPrivilege	1828	ComputerZService.exe
Token: 33	1828	ComputerZService.exe
Token: SeIncBasePriorityPrivilege	1828	ComputerZService.exe
Token: 33	1828	ComputerZService.exe
Token: SeIncBasePriorityPrivilege	1828	ComputerZService.exe
Token: 33	1828	ComputerZService.exe
Token: SeIncBasePriorityPrivilege	1828	ComputerZService.exe
Token: 33	1828	ComputerZService.exe
Token: SeIncBasePriorityPrivilege	1828	ComputerZService.exe
Token: 33	1828	ComputerZService.exe
Token: SeIncBasePriorityPrivilege	1828	ComputerZService.exe
Token: 33	1828	ComputerZService.exe
Token: SeIncBasePriorityPrivilege	1828	ComputerZService.exe
Token: 33	1828	ComputerZService.exe
Token: SeIncBasePriorityPrivilege	1828	ComputerZService.exe
Token: 33	1828	ComputerZService.exe
Token: SeIncBasePriorityPrivilege	1828	ComputerZService.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

360DrvMgr.exe

pid process

1748 360DrvMgr.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

360DrvMgr.exe

pid process

1748 360DrvMgr.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

360DrvMgr.exe

pid process

1748 360DrvMgr.exe
1748 360DrvMgr.exe

pid	process
1748	360DrvMgr.exe

pid	process
1748	360DrvMgr.exe

pid	process
1748	360DrvMgr.exe
1748	360DrvMgr.exe

Suspicious use of WriteProcessMemory 16 IoCs

Processes:

dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exedc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe360DrvMgr.exe

description	pid	process	target process
PID 1136 wrote to memory of 1844	1136	dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe	dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe
PID 1136 wrote to memory of 1844	1136	dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe	dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe
PID 1136 wrote to memory of 1844	1136	dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe	dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe
PID 1136 wrote to memory of 1844	1136	dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe	dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe
PID 1844 wrote to memory of 1748	1844	dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe	360DrvMgr.exe
PID 1844 wrote to memory of 1748	1844	dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe	360DrvMgr.exe
PID 1844 wrote to memory of 1748	1844	dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe	360DrvMgr.exe
PID 1844 wrote to memory of 1748	1844	dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe	360DrvMgr.exe
PID 1748 wrote to memory of 1828	1748	360DrvMgr.exe	ComputerZService.exe
PID 1748 wrote to memory of 1828	1748	360DrvMgr.exe	ComputerZService.exe
PID 1748 wrote to memory of 1828	1748	360DrvMgr.exe	ComputerZService.exe
PID 1748 wrote to memory of 1828	1748	360DrvMgr.exe	ComputerZService.exe
PID 1748 wrote to memory of 1380	1748	360DrvMgr.exe	WerFault.exe
PID 1748 wrote to memory of 1380	1748	360DrvMgr.exe	WerFault.exe
PID 1748 wrote to memory of 1380	1748	360DrvMgr.exe	WerFault.exe
PID 1748 wrote to memory of 1380	1748	360DrvMgr.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe
"C:\Users\Admin\AppData\Local\Temp\dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1136

C:\Users\Admin\AppData\Local\Temp\dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe
"C:\Users\Admin\AppData\Local\Temp\dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe" -sfxwaitall:0 "C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360DrvMgr.exe"
2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1844

C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360DrvMgr.exe
"C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360DrvMgr.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1748

C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZService.exe
"C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZService.exe"
4⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Writes to the Master Boot Record (MBR)
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 1404
4⤵
- Loads dropped DLL
- Program crash
PID:1380

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Install Root Certificate

T1130

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360Base.dll
Filesize
900KB

MD5
a73cf0457df35fab74ef3393d2766667

SHA1
c123e15967e7ab980eba5431a6993e646500befd

SHA256
df411ebc1b4a652a3822de0cebd5a48151abb3dd99c8c3d15f858401b27243fd

SHA512
faee2c8c3caf31ee2cceefadff4c442ef3aaed36fabf61a4217e1ba13b315808f09b575b5789ef7cc342cb16219afb4a1c4e7f7686ea8d079c9d7dd9ee782b90

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360DrvMgr.exe
Filesize
1.2MB

MD5
5e86a62187f2ec96762fee8e494480d6

SHA1
e82e60377404dc7a64d8eacf92fc418be1544eba

SHA256
df4042df0e4695d97793788aa99145b7bc4fc9cf488fd4c62e2e6b4799da72ba

SHA512
260f4afa562ebdd57ca7219a38bda60ee84c17ed9e926b68ba02359cfe436635b833327ce04b0c362a2684142869d27e03e417eee917a3edc8e94954556583e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360DrvMgr.exe
Filesize
1.2MB

MD5
5e86a62187f2ec96762fee8e494480d6

SHA1
e82e60377404dc7a64d8eacf92fc418be1544eba

SHA256
df4042df0e4695d97793788aa99145b7bc4fc9cf488fd4c62e2e6b4799da72ba

SHA512
260f4afa562ebdd57ca7219a38bda60ee84c17ed9e926b68ba02359cfe436635b833327ce04b0c362a2684142869d27e03e417eee917a3edc8e94954556583e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360LibDrvmgr.dat
Filesize
5KB

MD5
43fe8b284917d5370e8db8864c5e000d

SHA1
d39f269cf328a94fc6efd3bb8ee36e7b3617bb27

SHA256
06e23d8cd37597b320eac6a1f657739c6d1764fc90105fa2809c9417989abf4b

SHA512
0ae34360e6d7bb24803dfc76a01c30b0f2299a608aeb6116196aeb978a31dae96279ea5d0ab2873ee69555adf62cd9c7590e29f7dfa9fc708782723208c8a6f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360NetBase.dll
Filesize
1.4MB

MD5
14c6b4bbd31f6fd13530bc941cc71d1a

SHA1
ce4e38ac82a54f64d318507ddc28f9ffbb378f0f

SHA256
401d8529a84f1d80a439be8cd4e869202162458e5afb5e5bac97c4859bfe8eb5

SHA512
c16d525f1d3fc098b4d6c8b8a872a9013ef2f945f27af73ed7826f61a2b80d756ae5348105432909eccc71f03834cd1301f87fa5a0107e0c7137f5c8e3a3cc95

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360NetUL.dll
Filesize
241KB

MD5
240e9b9b2b3f2a134070b7d5084278d3

SHA1
a39ce3213f364ec8435833afa36619e6d6fd24b0

SHA256
003e2f8225ae4bfe3487dea759c6e44176fb96ff89fb162904c7c923e9c78720

SHA512
2cdd9cd946b4a6df110f22197290090c1b4b734c9b9120e6403866342b17c50cd8a71d566ff0f284a03b5202af9f06248de71da1314486dbed58a64225cf5745

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360P2SP.dll
Filesize
689KB

MD5
75ae5114927b0200ea73e016211ae572

SHA1
15ae658c082afcab51ade61b8ed6699a978b5e05

SHA256
8e38aeb187edd59329007fe10d2b509e5566256e993a127902d57bac66b17346

SHA512
ae65e304fc669b98c5d137c4e7cba591e075b9d1b588af1d7eea2458776c29b2a2ccd06ea37aeb89d0cd0ebcb155aec7a6a0a842da4ac36f9b512049967e59fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360net.dll
Filesize
477KB

MD5
2bca9e782840c8214dbc3ef6ee64404c

SHA1
9144db795c7b092ac55a5b59c0eb569e3432cfec

SHA256
1320ce2bf517978d3c65cf9cb8390318f3ea1896ef10a66b53a1832792341c62

SHA512
87188cdd4d581c9b20bb36451f0376837bfe5489b685dc28a902af441f0681ff89922138d1a160f4d926189b2ae491a7fb7158c60596116f9f09e6c9516d5c6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\7za.dll
Filesize
777KB

MD5
34f4329522a2b16d1bc9ad4ab58d9fc1

SHA1
04ec3c21a59a15a85b29bead3733f0ceccce8680

SHA256
fc07200668d45a640bbd5f6997851e31a20941fcb661f8e09469899becebdf8a

SHA512
ab8efc3dee9319401634dc3d8e6fe8282dc14a6058cf923af2d69656e58ed3724cfd5d466801fcf0bf53510f5b3197986972240693e4b1bbdcc9ae562ae0eb6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ.set
Filesize
65B

MD5
2d190642e5162c95e649f0032cf66dae

SHA1
262f8e1e5fff6784f31eb1a33b72e91405595297

SHA256
54a58179f47494502dd6750e2dba0008fd08958f5945346bbd8af818f52a6b3b

SHA512
6e5aa767f214c86bd1f7216ef4203931019efb7f11900d755bd409329576e4a4d6bf458b62676feab7093c9734a486e759af012a1a4bd0d1d0b246b1f10f88d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ1.dll
Filesize
1.1MB

MD5
6dbf812d5b61f30a21ddccaec30b4452

SHA1
4778e2d043ac593193e5e15056bb98bba564c246

SHA256
197c529acff08fbc13b11010d95c270e50ddd867f783cfec598c5f831f847033

SHA512
7b9506902c1d0a6b8b74e068be87a7d4fec8a96b3d1b05d06d533d4ef995abc7e2ce24a8d37e38b19b62ad5b316e10831c220df44360a15a6b89e18767bea699

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ2.dll
Filesize
229KB

MD5
a75f38215a115f9260b58cdd935d7d81

SHA1
dbb7d9d7e69cd5f2f4cda49bebc0fd922316a866

SHA256
102459b35d0b36f915b2cafc2e083d95f4e042815c732a2520dfb646efae4cd1

SHA512
3eeacb82ed9e61d9dc8fec13c2f87fd07b90a5052dd1a3482ee4cdb5122db77587078e7966bf72d73b776973bac09f53f37081f4af0828f1a914c0cd31d03ce9

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ5.dll
Filesize
197KB

MD5
d8308aa7cc08c3a56c9187029db56702

SHA1
f8a1b97e321660d814d4d01f03911f6da0caed9d

SHA256
850bb1419ab0c93d524284a6c9c15db69a1e5328e9f84f06bb27ba5efb8a65b8

SHA512
0a6c757b3e5cfaf2de92e4f402dc97306a551244501d97a099ac2a586c7501f087fe7c82c8a81e95b4fea851a0690733c116345360b5dbeb343966fdbda08baa

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZService.exe
Filesize
1.3MB

MD5
a6463f45cb2f8d43346d53d30df13b18

SHA1
74d3afb775ff5219064b0a10cc5ead1961fadd59

SHA256
403791380577b7de0e586bcb68eb395eebca6b30039d9fc0f7bca187421bcb96

SHA512
c5e1b8165c06fe4ffffc9cbd622b05b84160f51b0637fdde895f666907a502fcd7a7b994b08685f878b94ea18266e0ea5b4e515c459cb8ed1f70b0de45994d34

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZService.exe
Filesize
1.3MB

MD5
a6463f45cb2f8d43346d53d30df13b18

SHA1
74d3afb775ff5219064b0a10cc5ead1961fadd59

SHA256
403791380577b7de0e586bcb68eb395eebca6b30039d9fc0f7bca187421bcb96

SHA512
c5e1b8165c06fe4ffffc9cbd622b05b84160f51b0637fdde895f666907a502fcd7a7b994b08685f878b94ea18266e0ea5b4e515c459cb8ed1f70b0de45994d34

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ_HardwareDll.dll
Filesize
8.5MB

MD5
2bcee702e76853c61a3621e410521a20

SHA1
824a186e0f1d77692b416877c18d867885dc2dca

SHA256
14f5ffec3b83ed5831f7cd046552b9b224a6ec2613643f85c8cebfdf72df80d5

SHA512
f20fec854d0399d57e58b2056063be9414a0714c8938e914fbbab6cd1fc2eac09fb3919359eaee83284b60923f38252c417ce430c081dbf4bcfbf2c176fa20e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DIFxAPI_x86.dll
Filesize
311KB

MD5
1bd976dd77b31fe0f25708ad5c1351ae

SHA1
50d075688835df04484f0b93792a530cb47a1872

SHA256
b3c28941ceb057de44d9c322a38bb0f63c62d7ffbd91cf7970964413978f8eb7

SHA512
d58c2be88941c15214c51c59923437863a94db7b8080ead69017f7cce19d256dbe4d1d8498762476c75c26773dfba1aaff3bed615589ebf4b39df78df1b50b35

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DataMgr.dll
Filesize
664KB

MD5
af1cc0d945bceb82863195d11ad9827e

SHA1
215884e6188ebf94b73bffbff7e040e376954874

SHA256
18d8c74199c73a226436b3cbde6ce232b8aa30dabdc0dbb64e9dc52c18fa0a05

SHA512
39f1e822ea1b0f1ac292533df058977ece4386b7636256a4158f65c9f1e6ad05cc1c91f0edb19af03fe9b757661348256b667d285243db55404c42ea3e3d3daf

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DownloadMgr.dll
Filesize
445KB

MD5
29cf1d28db1a5c5d68b5e0cce6c81db0

SHA1
84af3d92647f8068bf6b20c2fb1937a2c1d05bb0

SHA256
b4e3b9f375c360eec4fe7d811e0476a9a8a03fc632d890342e4c5db957ef481e

SHA512
1c5bc96d1f6ebd4d5abbc2d06fea90cf5509fb258f3e691507a3c7f1d351b230bdb2848a4d50f40bc258daa9823f920730860d6f203356d7b7584c03ccdca6ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DrvMgrUI.dll
Filesize
2.8MB

MD5
b7908211eda24ecaf531b7543dbdaf18

SHA1
2f4b4ee78ce39b75fe55ed5c0139e45a480ae94f

SHA256
99e389a8cd446838c421a4e988f4994c4d014495ef7e1dd0694d34a82faf4b68

SHA512
38c30560b732edebbe02b7f2ec3d6e3a16ee3899c4be114a949e980f4a8cfb59c162ab587c2a717681c7eaaac54552823f0640b77f4174c941751666624343e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DrvmgrCore.dll
Filesize
1.3MB

MD5
ff8e2fcd5966c428452ebb0df4663d79

SHA1
d155f1c341adc9ae94f4e8fa85ec0cbe4e5ee41d

SHA256
e0ac7f1f166f819bf3145029153ed7fe43fcf8ca86ecaad7595f9d0ea762d94b

SHA512
7b4a67397418e6d3f560f65ba25dcec28a6c3774abecb0b9c10ffa566ca29b438c1d1a7789df1de7589027211280f57999ef5c552b835a0e798238f6e5b33a64

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\LiveUpd360.dll
Filesize
593KB

MD5
e2ab61cd7dd7c8443719460140737b09

SHA1
d07424aaf894aa68bab5c7cc829e54f69f466338

SHA256
0439f9f3a68e14ee28c718ac334f9318f97858ab5430e4fa2e82eb355ed446d6

SHA512
c608aa5fd10849f5efcc74ffb02bfc59c1cd943154b30f2e2174e30543708f3b92d020d39ae36b9dd2e90c2171863b5a610ab18248d430c974853fe0a810df60

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\MiniUI.dll
Filesize
901KB

MD5
043365f793b1672fc80aaebde3b22929

SHA1
be526a544e7af66b573b29ee7100374e9deb9a1f

SHA256
2bf36c7813e8410e2ef442158e4089f5c5fa512684848f421cd4b08f1eca1d23

SHA512
efb94e1447842254992f67ad2bcc8ebd1862894019e612d680a3b69a4ec9aaef787bddd155775842baf225b9dea05feaef37db26808fc8516851f995a0b62530

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ScriptExecute.exe
Filesize
790KB

MD5
104c63cd4e72a2c2c19828938ea5a6d9

SHA1
839a489ae97e2e71794c6076b97df1335df1f614

SHA256
6a9dfc520cb9b164ce0858502b7fd0e3d09399c3a75c97ef4b12e866419de4c3

SHA512
967d5b1d4a52aab71cfaa67091862f3d451cdb6374576ed9aa79e2f6dd75230a848f48382180acfffa37ae4d5643280aa963bc15a34166c79223f234d0f48f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\SignHelper.dll
Filesize
139KB

MD5
a60df7bdf1ab9583e8bf7b38f2eca0a3

SHA1
528064b42f0470e785e896df67b41c6335f176a6

SHA256
4c20f1868b4ee71cca4d399b947f7942460a4074f2942ba90f382c2476b96978

SHA512
7fd219bf83e63dae70dfc79ad1978cefa4a9aec27b69f6e7f0b6e26678c988f8e4dda88f8d000cc20a1b0fdcdd69c24c56eab9a70c242630e902fe1b2d47eea2

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\TempMonitor.dll
Filesize
133KB

MD5
8ad107056ef085883c5a4f3e6734afc1

SHA1
d8fe184d16280c582f03e3823794dfe76f8cb5bb

SHA256
c1965d9ca60afabe4af635e86e579f5706581f318bc4b488dc5b3af6c36cce29

SHA512
3da4f0393153ed7ad7ffe3a8ff2079c078fd4c6a19b69b70957998cbab0bb3363e774be74625f6a60d1d47037f1955c47de6e910f6a19dbe6fe27fb9ff988e07

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\atiags32.dll
Filesize
196KB

MD5
a1f7d080d2a00a9ddca9a469c29663c0

SHA1
9fa6b676b9509eead040415ca13a097118ae2175

SHA256
81b7e8a1c0073f6b7c4188216a94e5ab6420844e1acb122d93fab4c6bc14eebe

SHA512
eef12054ace42f07b05b371aa51164bbbfd65120b111e375eaec30537c232ae85022dd1bf424ed94a8d97eb216919cc5857e332029778b93faa8064555e4e07e

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\config\config.xml
Filesize
978B

MD5
583e167ba709fec11044409c6b09d04f

SHA1
27b363d8b5dee2df351a5d41e6f14b6156db190f

SHA256
ea5f4faf853767718beef85023fcd9e13cca2127ebb3c17331903779db2916a0

SHA512
bebb16e99340d9264b7ae4cfd1562243a8cef688d3585968046c68020f19de587668485017f74368c20b686f5543bb319cc02665a3cdbb890eb47ffa4ce2a20e

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\config\defaultskin\defaultskin.ui
Filesize
156KB

MD5
0cc06e728803d0cdeedda92e04313e6c

SHA1
62e897041bdbf18ca65f6c452abcb557e17c0ded

SHA256
3fb6414e92be15821c674a6e72295e75747e9734c827ac14e85479d4720f2b33

SHA512
72afb68bf2078e459cf2e37481c61ff172dd224f5b089bf9903b0c55660aecfdcb98622c0b04fe88edae0e2e25c0eb640cffafc7343bbe5d67ef137397678936

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\config\defaultskin\miniui.xml
Filesize
8KB

MD5
1c7fad425e4dc4787174876b6725c5de

SHA1
6bf7f9afb666636bea1cef7eca6ebc32f4b344a2

SHA256
ee451d9f3d84226bcd456f193e1e79ebfbd1f24b961b25770c40df93ee7ca494

SHA512
ab02ca7851e6a859244edea31b3cf931a14937ec9ad2274c49a1aedb5a258360f653d7d5e76b9c6166633c4c284db9be277ae584d89641a99da3c77564f8b57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\dynlenv.dll
Filesize
548KB

MD5
61bda655c88ce843905ce63a2d5669e4

SHA1
532304d12d6e1a740e01cf03b3439301d2c6c85d

SHA256
fa7daa6a0e13f9112de63313caf4d06081aee0c7e79b5937cff0519bb4c0bbd4

SHA512
ad9c4f862747ff55ac506ea8b9d4a84a7d0c15d9cb8e9c987722141b9c33957d6aed44b59f0d85a068431ec2b85061b6c27d38011b8dca1675905aaaf6e37bf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\pdown.dll
Filesize
230KB

MD5
48a849ff04150b2ec0836ab6bb32590a

SHA1
1f52bbcd5d124de15c27cf5ea84e14cb9a87f6a3

SHA256
ded09df700ef458322b6160edd39adb103c03cef3c6ffbce2ee096ce1fd33d62

SHA512
b0b23e540102b16c4ed9ac05f1ac353bf0d19e0c2b0880cec1fa2e9292030e1c5a75694176ac428c7de55588cf503ab36643d2db8c1fec3543daf3aeeb53a680

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\转载请保留并注明出处.url
Filesize
178B

MD5
6cc3a788993f98bd69fb0ed3af487173

SHA1
ecac237414ee963c9c7c8dda83a4b07de01a91e5

SHA256
324807cbf73a94cfba062fe61a2932a079f530213c9f051a4bc2ac2c15bc3f40

SHA512
06559f71ceafe0686e1ed30503dcc0b7c08322f6dc62a2de3c02e1fedc5fc9715d666537f3353bc03ef33badae2d0e28882183ce40c25c811cb11df3a0dfb1cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab391D.tmp
Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar58EF.tmp
Filesize
161KB

MD5
73b4b714b42fc9a6aaefd0ae59adb009

SHA1
efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

SHA256
c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

SHA512
73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

Download Submit
C:\Users\Admin\AppData\Roaming\360DrvMgr\Config.ini
Filesize
57B

MD5
af52d6fb8cb6b87a5ccc3d2ece2562c5

SHA1
b3b381e0b77a7fc85efb8b822824b3806e743181

SHA256
204cde7d986ab8fde7defcf30c34d8540d6280e8734e0ff9fe1c683c13ed1bff

SHA512
4a4409fa03eff4ebe73a9f5ebaf431db498dc2dff45e2c033503c2423ceb88a316868b84104e2759b27b1b3c5dbbacdac3244f52ab8ad84f4ac3436fa0d86ae2

Download Submit
\Users\Admin\AppData\Local\Temp\360DrvMgr\360Base.dll
Filesize
900KB

MD5
a73cf0457df35fab74ef3393d2766667

SHA1
c123e15967e7ab980eba5431a6993e646500befd

SHA256
df411ebc1b4a652a3822de0cebd5a48151abb3dd99c8c3d15f858401b27243fd

SHA512
faee2c8c3caf31ee2cceefadff4c442ef3aaed36fabf61a4217e1ba13b315808f09b575b5789ef7cc342cb16219afb4a1c4e7f7686ea8d079c9d7dd9ee782b90

Download Submit
\Users\Admin\AppData\Local\Temp\360DrvMgr\360DrvMgr.exe
Filesize
1.2MB

MD5
5e86a62187f2ec96762fee8e494480d6

SHA1
e82e60377404dc7a64d8eacf92fc418be1544eba

SHA256
df4042df0e4695d97793788aa99145b7bc4fc9cf488fd4c62e2e6b4799da72ba

SHA512
260f4afa562ebdd57ca7219a38bda60ee84c17ed9e926b68ba02359cfe436635b833327ce04b0c362a2684142869d27e03e417eee917a3edc8e94954556583e2

Download Submit
\Users\Admin\AppData\Local\Temp\360DrvMgr\360DrvMgr.exe
Filesize
1.2MB

MD5
5e86a62187f2ec96762fee8e494480d6

SHA1
e82e60377404dc7a64d8eacf92fc418be1544eba

SHA256
df4042df0e4695d97793788aa99145b7bc4fc9cf488fd4c62e2e6b4799da72ba

SHA512
260f4afa562ebdd57ca7219a38bda60ee84c17ed9e926b68ba02359cfe436635b833327ce04b0c362a2684142869d27e03e417eee917a3edc8e94954556583e2

Download Submit
\Users\Admin\AppData\Local\Temp\360DrvMgr\360DrvMgr.exe
Filesize
1.2MB

MD5
5e86a62187f2ec96762fee8e494480d6

SHA1
e82e60377404dc7a64d8eacf92fc418be1544eba

SHA256
df4042df0e4695d97793788aa99145b7bc4fc9cf488fd4c62e2e6b4799da72ba

SHA512
260f4afa562ebdd57ca7219a38bda60ee84c17ed9e926b68ba02359cfe436635b833327ce04b0c362a2684142869d27e03e417eee917a3edc8e94954556583e2

Download Submit
\Users\Admin\AppData\Local\Temp\360DrvMgr\360DrvMgr.exe
Filesize
1.2MB

MD5
5e86a62187f2ec96762fee8e494480d6

SHA1
e82e60377404dc7a64d8eacf92fc418be1544eba

SHA256
df4042df0e4695d97793788aa99145b7bc4fc9cf488fd4c62e2e6b4799da72ba

SHA512
260f4afa562ebdd57ca7219a38bda60ee84c17ed9e926b68ba02359cfe436635b833327ce04b0c362a2684142869d27e03e417eee917a3edc8e94954556583e2

Download Submit
\Users\Admin\AppData\Local\Temp\360DrvMgr\360DrvMgr.exe
Filesize
1.2MB

MD5
5e86a62187f2ec96762fee8e494480d6

SHA1
e82e60377404dc7a64d8eacf92fc418be1544eba

SHA256
df4042df0e4695d97793788aa99145b7bc4fc9cf488fd4c62e2e6b4799da72ba

SHA512
260f4afa562ebdd57ca7219a38bda60ee84c17ed9e926b68ba02359cfe436635b833327ce04b0c362a2684142869d27e03e417eee917a3edc8e94954556583e2

Download Submit
\Users\Admin\AppData\Local\Temp\360DrvMgr\360DrvMgr.exe
Filesize
1.2MB

MD5
5e86a62187f2ec96762fee8e494480d6

SHA1
e82e60377404dc7a64d8eacf92fc418be1544eba

SHA256
df4042df0e4695d97793788aa99145b7bc4fc9cf488fd4c62e2e6b4799da72ba

SHA512
260f4afa562ebdd57ca7219a38bda60ee84c17ed9e926b68ba02359cfe436635b833327ce04b0c362a2684142869d27e03e417eee917a3edc8e94954556583e2

Download Submit
\Users\Admin\AppData\Local\Temp\360DrvMgr\360NetBase.dll
Filesize
1.4MB

MD5
14c6b4bbd31f6fd13530bc941cc71d1a

SHA1
ce4e38ac82a54f64d318507ddc28f9ffbb378f0f

SHA256
401d8529a84f1d80a439be8cd4e869202162458e5afb5e5bac97c4859bfe8eb5

SHA512
c16d525f1d3fc098b4d6c8b8a872a9013ef2f945f27af73ed7826f61a2b80d756ae5348105432909eccc71f03834cd1301f87fa5a0107e0c7137f5c8e3a3cc95

Download Submit
\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ2.dll
Filesize
229KB

MD5
a75f38215a115f9260b58cdd935d7d81

SHA1
dbb7d9d7e69cd5f2f4cda49bebc0fd922316a866

SHA256
102459b35d0b36f915b2cafc2e083d95f4e042815c732a2520dfb646efae4cd1

SHA512
3eeacb82ed9e61d9dc8fec13c2f87fd07b90a5052dd1a3482ee4cdb5122db77587078e7966bf72d73b776973bac09f53f37081f4af0828f1a914c0cd31d03ce9

Download Submit
\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ5.dll
Filesize
197KB

MD5
d8308aa7cc08c3a56c9187029db56702

SHA1
f8a1b97e321660d814d4d01f03911f6da0caed9d

SHA256
850bb1419ab0c93d524284a6c9c15db69a1e5328e9f84f06bb27ba5efb8a65b8

SHA512
0a6c757b3e5cfaf2de92e4f402dc97306a551244501d97a099ac2a586c7501f087fe7c82c8a81e95b4fea851a0690733c116345360b5dbeb343966fdbda08baa

Download Submit
\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZService.exe
Filesize
1.3MB

MD5
a6463f45cb2f8d43346d53d30df13b18

SHA1
74d3afb775ff5219064b0a10cc5ead1961fadd59

SHA256
403791380577b7de0e586bcb68eb395eebca6b30039d9fc0f7bca187421bcb96

SHA512
c5e1b8165c06fe4ffffc9cbd622b05b84160f51b0637fdde895f666907a502fcd7a7b994b08685f878b94ea18266e0ea5b4e515c459cb8ed1f70b0de45994d34

Download Submit
\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ_HardwareDll.dll
Filesize
8.5MB

MD5
2bcee702e76853c61a3621e410521a20

SHA1
824a186e0f1d77692b416877c18d867885dc2dca

SHA256
14f5ffec3b83ed5831f7cd046552b9b224a6ec2613643f85c8cebfdf72df80d5

SHA512
f20fec854d0399d57e58b2056063be9414a0714c8938e914fbbab6cd1fc2eac09fb3919359eaee83284b60923f38252c417ce430c081dbf4bcfbf2c176fa20e9

Download Submit
\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ_HardwareDll.dll
Filesize
8.5MB

MD5
2bcee702e76853c61a3621e410521a20

SHA1
824a186e0f1d77692b416877c18d867885dc2dca

SHA256
14f5ffec3b83ed5831f7cd046552b9b224a6ec2613643f85c8cebfdf72df80d5

SHA512
f20fec854d0399d57e58b2056063be9414a0714c8938e914fbbab6cd1fc2eac09fb3919359eaee83284b60923f38252c417ce430c081dbf4bcfbf2c176fa20e9

Download Submit
\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ_HardwareDll.dll
Filesize
8.5MB

MD5
2bcee702e76853c61a3621e410521a20

SHA1
824a186e0f1d77692b416877c18d867885dc2dca

SHA256
14f5ffec3b83ed5831f7cd046552b9b224a6ec2613643f85c8cebfdf72df80d5

SHA512
f20fec854d0399d57e58b2056063be9414a0714c8938e914fbbab6cd1fc2eac09fb3919359eaee83284b60923f38252c417ce430c081dbf4bcfbf2c176fa20e9

Download Submit
\Users\Admin\AppData\Local\Temp\360DrvMgr\DataMgr.dll
Filesize
664KB

MD5
af1cc0d945bceb82863195d11ad9827e

SHA1
215884e6188ebf94b73bffbff7e040e376954874

SHA256
18d8c74199c73a226436b3cbde6ce232b8aa30dabdc0dbb64e9dc52c18fa0a05

SHA512
39f1e822ea1b0f1ac292533df058977ece4386b7636256a4158f65c9f1e6ad05cc1c91f0edb19af03fe9b757661348256b667d285243db55404c42ea3e3d3daf

Download Submit
\Users\Admin\AppData\Local\Temp\360DrvMgr\DownloadMgr.dll
Filesize
445KB

MD5
29cf1d28db1a5c5d68b5e0cce6c81db0

SHA1
84af3d92647f8068bf6b20c2fb1937a2c1d05bb0

SHA256
b4e3b9f375c360eec4fe7d811e0476a9a8a03fc632d890342e4c5db957ef481e

SHA512
1c5bc96d1f6ebd4d5abbc2d06fea90cf5509fb258f3e691507a3c7f1d351b230bdb2848a4d50f40bc258daa9823f920730860d6f203356d7b7584c03ccdca6ec

Download Submit
\Users\Admin\AppData\Local\Temp\360DrvMgr\DrvMgrUI.dll
Filesize
2.8MB

MD5
b7908211eda24ecaf531b7543dbdaf18

SHA1
2f4b4ee78ce39b75fe55ed5c0139e45a480ae94f

SHA256
99e389a8cd446838c421a4e988f4994c4d014495ef7e1dd0694d34a82faf4b68

SHA512
38c30560b732edebbe02b7f2ec3d6e3a16ee3899c4be114a949e980f4a8cfb59c162ab587c2a717681c7eaaac54552823f0640b77f4174c941751666624343e2

Download Submit
\Users\Admin\AppData\Local\Temp\360DrvMgr\DrvmgrCore.dll
Filesize
1.3MB

MD5
ff8e2fcd5966c428452ebb0df4663d79

SHA1
d155f1c341adc9ae94f4e8fa85ec0cbe4e5ee41d

SHA256
e0ac7f1f166f819bf3145029153ed7fe43fcf8ca86ecaad7595f9d0ea762d94b

SHA512
7b4a67397418e6d3f560f65ba25dcec28a6c3774abecb0b9c10ffa566ca29b438c1d1a7789df1de7589027211280f57999ef5c552b835a0e798238f6e5b33a64

Download Submit
\Users\Admin\AppData\Local\Temp\360DrvMgr\MiniUI.dll
Filesize
901KB

MD5
043365f793b1672fc80aaebde3b22929

SHA1
be526a544e7af66b573b29ee7100374e9deb9a1f

SHA256
2bf36c7813e8410e2ef442158e4089f5c5fa512684848f421cd4b08f1eca1d23

SHA512
efb94e1447842254992f67ad2bcc8ebd1862894019e612d680a3b69a4ec9aaef787bddd155775842baf225b9dea05feaef37db26808fc8516851f995a0b62530

Download Submit
\Users\Admin\AppData\Local\Temp\360DrvMgr\TempMonitor.dll
Filesize
133KB

MD5
8ad107056ef085883c5a4f3e6734afc1

SHA1
d8fe184d16280c582f03e3823794dfe76f8cb5bb

SHA256
c1965d9ca60afabe4af635e86e579f5706581f318bc4b488dc5b3af6c36cce29

SHA512
3da4f0393153ed7ad7ffe3a8ff2079c078fd4c6a19b69b70957998cbab0bb3363e774be74625f6a60d1d47037f1955c47de6e910f6a19dbe6fe27fb9ff988e07

Download Submit
\Users\Admin\AppData\Local\Temp\360DrvMgr\pdown.dll
Filesize
230KB

MD5
48a849ff04150b2ec0836ab6bb32590a

SHA1
1f52bbcd5d124de15c27cf5ea84e14cb9a87f6a3

SHA256
ded09df700ef458322b6160edd39adb103c03cef3c6ffbce2ee096ce1fd33d62

SHA512
b0b23e540102b16c4ed9ac05f1ac353bf0d19e0c2b0880cec1fa2e9292030e1c5a75694176ac428c7de55588cf503ab36643d2db8c1fec3543daf3aeeb53a680

Download Submit
memory/1748-159-0x0000000002A10000-0x0000000002BAE000-memory.dmp

Filesize
1.6MB

Download
memory/1748-156-0x0000000077300000-0x0000000077310000-memory.dmp

Filesize
64KB

Download
memory/1748-171-0x0000000002E70000-0x0000000002E71000-memory.dmp

Filesize
4KB

Download
memory/1748-153-0x0000000077300000-0x0000000077310000-memory.dmp

Filesize
64KB

Download
memory/1748-271-0x0000000002E70000-0x0000000002E71000-memory.dmp

Filesize
4KB

Download
memory/1828-201-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/1828-193-0x0000000077300000-0x0000000077310000-memory.dmp

Filesize
64KB

Download
memory/1828-268-0x0000000000C70000-0x0000000000CA7000-memory.dmp

Filesize
220KB

Download
memory/1828-272-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/1828-273-0x0000000000C70000-0x0000000000CA7000-memory.dmp

Filesize
220KB

Download