dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2

Analysis

max time kernel
59s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
30-03-2023 22:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe
Size

7.4MB
MD5

4177bfc4a2bfda127224e1a61142c48a
SHA1

6f23dc7b3a941ecca81a33979ac3cef871928753
SHA256

dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2
SHA512

fa22472fc23716cdc12e1ca33ec4a8df30d017bb526134c8893203695081beb7b6685e47b0f1f9d6cfcf2b0d92c125e30f892f6f1f2097543f1c7e39ae0d9028
SSDEEP

196608:4gpnM6kgXgiqpVxBsAkX6uKDAYm2iWa5s9xd5ceaUCtBf5t2o:4gogwiqYqg2TfzcexCtB+o

Score

7^/10

bootkit persistence

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

ComputerZService.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	ComputerZService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	ComputerZService.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe360DrvMgr.exedc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	360DrvMgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe

Executes dropped EXE 3 IoCs

Processes:

360DrvMgr.exeComputerZService.exeScriptExecute.exe

pid process

112 360DrvMgr.exe
1328 ComputerZService.exe
640 ScriptExecute.exe

Loads dropped DLL 12 IoCs

Processes:

360DrvMgr.exeComputerZService.exe

pid	process
112	360DrvMgr.exe
112	360DrvMgr.exe
112	360DrvMgr.exe
112	360DrvMgr.exe
112	360DrvMgr.exe
112	360DrvMgr.exe
112	360DrvMgr.exe
112	360DrvMgr.exe
1328	ComputerZService.exe
112	360DrvMgr.exe
1328	ComputerZService.exe
1328	ComputerZService.exe

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

ComputerZService.exe

description	ioc	process
File opened (read-only)	\??\R:	ComputerZService.exe
File opened (read-only)	\??\W:	ComputerZService.exe
File opened (read-only)	\??\K:	ComputerZService.exe
File opened (read-only)	\??\L:	ComputerZService.exe
File opened (read-only)	\??\M:	ComputerZService.exe
File opened (read-only)	\??\N:	ComputerZService.exe
File opened (read-only)	\??\O:	ComputerZService.exe
File opened (read-only)	\??\T:	ComputerZService.exe
File opened (read-only)	\??\V:	ComputerZService.exe
File opened (read-only)	\??\X:	ComputerZService.exe
File opened (read-only)	\??\B:	ComputerZService.exe
File opened (read-only)	\??\E:	ComputerZService.exe
File opened (read-only)	\??\J:	ComputerZService.exe
File opened (read-only)	\??\Q:	ComputerZService.exe
File opened (read-only)	\??\U:	ComputerZService.exe
File opened (read-only)	\??\Y:	ComputerZService.exe
File opened (read-only)	\??\F:	ComputerZService.exe
File opened (read-only)	\??\H:	ComputerZService.exe
File opened (read-only)	\??\I:	ComputerZService.exe
File opened (read-only)	\??\S:	ComputerZService.exe
File opened (read-only)	\??\Z:	ComputerZService.exe
File opened (read-only)	\??\A:	ComputerZService.exe
File opened (read-only)	\??\G:	ComputerZService.exe
File opened (read-only)	\??\P:	ComputerZService.exe

Writes to the Master Boot Record (MBR) 1 TTPs 3 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

Processes:

ComputerZService.exe360DrvMgr.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	ComputerZService.exe
File opened for modification	\??\PHYSICALDRIVE0	360DrvMgr.exe
File opened for modification	\??\PhysicalDrive0	360DrvMgr.exe

Drops file in System32 directory 9 IoCs

Processes:

ComputerZService.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	ComputerZService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF	ComputerZService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\input.inf_amd64_adeb6424513f60a2\input.PNF	ComputerZService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_1793a485b491b199\msmouse.PNF	ComputerZService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hdaudio.inf_amd64_fe5b23ea7991a359\hdaudio.PNF	ComputerZService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_254cd5ae09de6b08\usbport.PNF	ComputerZService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hdaudbus.inf_amd64_533c8d455025cc59\hdaudbus.PNF	ComputerZService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_0d06b6638bdb4763\mshdc.PNF	ComputerZService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_b748590104fe1c15\machine.PNF	ComputerZService.exe

Drops file in Windows directory 1 IoCs

Processes:

ComputerZService.exe

description ioc process

File opened for modification C:\Windows\ ComputerZService.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4392 112 WerFault.exe 360DrvMgr.exe

description	ioc	process
File opened for modification	C:\Windows\	ComputerZService.exe

pid	pid_target	process	target process
4392	112	WerFault.exe	360DrvMgr.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

ComputerZService.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	ComputerZService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service	ComputerZService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	ComputerZService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	ComputerZService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Service	ComputerZService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	ComputerZService.exe

Enumerates processes with tasklist 1 TTPs 2 IoCs

Process Discovery
T1057

Processes:

tasklist.exetasklist.exe

pid process

4716 tasklist.exe
400 tasklist.exe

pid	process
4716	tasklist.exe
400	tasklist.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

ComputerZService.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate	ComputerZService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVendor	ComputerZService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion	ComputerZService.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	ComputerZService.exe

Kills process with taskkill 4 IoCs
evasion

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exe

pid process

3676 taskkill.exe
5040 taskkill.exe
4972 taskkill.exe
3788 taskkill.exe

pid	process
3676	taskkill.exe
5040	taskkill.exe
4972	taskkill.exe
3788	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

Processes:

360DrvMgr.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\360DrvMgr.exe = "8000"	360DrvMgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE	360DrvMgr.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE\360DrvMgr.exe = "8000"	360DrvMgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	360DrvMgr.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

360DrvMgr.exeComputerZService.exeScriptExecute.exe

pid	process
112	360DrvMgr.exe
112	360DrvMgr.exe
1328	ComputerZService.exe
1328	ComputerZService.exe
112	360DrvMgr.exe
112	360DrvMgr.exe
112	360DrvMgr.exe
112	360DrvMgr.exe
112	360DrvMgr.exe
112	360DrvMgr.exe
640	ScriptExecute.exe
640	ScriptExecute.exe

Suspicious behavior: LoadsDriver 2 IoCs

Processes:

pid process

644
644

pid	process
644
644

Suspicious use of AdjustPrivilegeToken 14 IoCs

Processes:

ComputerZService.exeScriptExecute.exetasklist.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetasklist.exe

description	pid	process
Token: SeIncBasePriorityPrivilege	1328	ComputerZService.exe
Token: SeIncBasePriorityPrivilege	1328	ComputerZService.exe
Token: SeAssignPrimaryTokenPrivilege	640	ScriptExecute.exe
Token: SeIncreaseQuotaPrivilege	640	ScriptExecute.exe
Token: SeDebugPrivilege	640	ScriptExecute.exe
Token: SeSecurityPrivilege	640	ScriptExecute.exe
Token: SeLoadDriverPrivilege	640	ScriptExecute.exe
Token: SeShutdownPrivilege	640	ScriptExecute.exe
Token: SeDebugPrivilege	4716	tasklist.exe
Token: SeDebugPrivilege	3676	taskkill.exe
Token: SeDebugPrivilege	5040	taskkill.exe
Token: SeDebugPrivilege	4972	taskkill.exe
Token: SeDebugPrivilege	3788	taskkill.exe
Token: SeDebugPrivilege	400	tasklist.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

360DrvMgr.exe

pid process

112 360DrvMgr.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

360DrvMgr.exe

pid process

112 360DrvMgr.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

360DrvMgr.exe

pid process

112 360DrvMgr.exe
112 360DrvMgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exedc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe360DrvMgr.execmd.execmd.exe

description	pid	process	target process
PID 5100 wrote to memory of 3024	5100	dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe	dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe
PID 5100 wrote to memory of 3024	5100	dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe	dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe
PID 5100 wrote to memory of 3024	5100	dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe	dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe
PID 3024 wrote to memory of 112	3024	dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe	360DrvMgr.exe
PID 3024 wrote to memory of 112	3024	dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe	360DrvMgr.exe
PID 3024 wrote to memory of 112	3024	dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe	360DrvMgr.exe
PID 112 wrote to memory of 1328	112	360DrvMgr.exe	ComputerZService.exe
PID 112 wrote to memory of 1328	112	360DrvMgr.exe	ComputerZService.exe
PID 112 wrote to memory of 1328	112	360DrvMgr.exe	ComputerZService.exe
PID 112 wrote to memory of 640	112	360DrvMgr.exe	ScriptExecute.exe
PID 112 wrote to memory of 640	112	360DrvMgr.exe	ScriptExecute.exe
PID 112 wrote to memory of 640	112	360DrvMgr.exe	ScriptExecute.exe
PID 5100 wrote to memory of 1188	5100	dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe	cmd.exe
PID 5100 wrote to memory of 1188	5100	dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe	cmd.exe
PID 1188 wrote to memory of 4716	1188	cmd.exe	tasklist.exe
PID 1188 wrote to memory of 4716	1188	cmd.exe	tasklist.exe
PID 1188 wrote to memory of 1208	1188	cmd.exe	find.exe
PID 1188 wrote to memory of 1208	1188	cmd.exe	find.exe
PID 1188 wrote to memory of 3676	1188	cmd.exe	taskkill.exe
PID 1188 wrote to memory of 3676	1188	cmd.exe	taskkill.exe
PID 1188 wrote to memory of 5040	1188	cmd.exe	taskkill.exe
PID 1188 wrote to memory of 5040	1188	cmd.exe	taskkill.exe
PID 1188 wrote to memory of 4972	1188	cmd.exe	taskkill.exe
PID 1188 wrote to memory of 4972	1188	cmd.exe	taskkill.exe
PID 1188 wrote to memory of 3788	1188	cmd.exe	taskkill.exe
PID 1188 wrote to memory of 3788	1188	cmd.exe	taskkill.exe
PID 1188 wrote to memory of 4980	1188	cmd.exe	reg.exe
PID 1188 wrote to memory of 4980	1188	cmd.exe	reg.exe
PID 1188 wrote to memory of 4272	1188	cmd.exe	reg.exe
PID 1188 wrote to memory of 4272	1188	cmd.exe	reg.exe
PID 1188 wrote to memory of 2228	1188	cmd.exe	reg.exe
PID 1188 wrote to memory of 2228	1188	cmd.exe	reg.exe
PID 1188 wrote to memory of 3300	1188	cmd.exe	reg.exe
PID 1188 wrote to memory of 3300	1188	cmd.exe	reg.exe
PID 1188 wrote to memory of 3312	1188	cmd.exe	reg.exe
PID 1188 wrote to memory of 3312	1188	cmd.exe	reg.exe
PID 1188 wrote to memory of 3196	1188	cmd.exe	reg.exe
PID 1188 wrote to memory of 3196	1188	cmd.exe	reg.exe
PID 1188 wrote to memory of 1676	1188	cmd.exe	reg.exe
PID 1188 wrote to memory of 1676	1188	cmd.exe	reg.exe
PID 1188 wrote to memory of 3076	1188	cmd.exe	reg.exe
PID 1188 wrote to memory of 3076	1188	cmd.exe	reg.exe
PID 1188 wrote to memory of 4616	1188	cmd.exe	reg.exe
PID 1188 wrote to memory of 4616	1188	cmd.exe	reg.exe
PID 1188 wrote to memory of 5104	1188	cmd.exe	reg.exe
PID 1188 wrote to memory of 5104	1188	cmd.exe	reg.exe
PID 1188 wrote to memory of 5084	1188	cmd.exe	reg.exe
PID 1188 wrote to memory of 5084	1188	cmd.exe	reg.exe
PID 1188 wrote to memory of 5024	1188	cmd.exe	reg.exe
PID 1188 wrote to memory of 5024	1188	cmd.exe	reg.exe
PID 1188 wrote to memory of 5000	1188	cmd.exe	reg.exe
PID 1188 wrote to memory of 5000	1188	cmd.exe	reg.exe
PID 1188 wrote to memory of 4892	1188	cmd.exe	reg.exe
PID 1188 wrote to memory of 4892	1188	cmd.exe	reg.exe
PID 1188 wrote to memory of 3724	1188	cmd.exe	reg.exe
PID 1188 wrote to memory of 3724	1188	cmd.exe	reg.exe
PID 1188 wrote to memory of 1200	1188	cmd.exe	reg.exe
PID 1188 wrote to memory of 1200	1188	cmd.exe	reg.exe
PID 5100 wrote to memory of 1028	5100	dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe	cmd.exe
PID 5100 wrote to memory of 1028	5100	dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe	cmd.exe
PID 1028 wrote to memory of 400	1028	cmd.exe	tasklist.exe
PID 1028 wrote to memory of 400	1028	cmd.exe	tasklist.exe
PID 1028 wrote to memory of 336	1028	cmd.exe	find.exe
PID 1028 wrote to memory of 336	1028	cmd.exe	find.exe

C:\Users\Admin\AppData\Local\Temp\dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe
"C:\Users\Admin\AppData\Local\Temp\dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:5100

C:\Users\Admin\AppData\Local\Temp\dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe
"C:\Users\Admin\AppData\Local\Temp\dc38c13419d163e306abe8ff9a118eef68458ef426242d5082ef69a0eb8c85c2.exe" -sfxwaitall:0 "C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360DrvMgr.exe"
2⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3024

C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360DrvMgr.exe
"C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360DrvMgr.exe"
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:112

C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZService.exe
"C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZService.exe"
4⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 2884
4⤵
- Program crash
PID:4392

C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ScriptExecute.exe
"C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ScriptExecute.exe" /tip
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:640

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c tasklist | find /i "360DrvMgr.exe" || @pushd "C:\Users\Admin\AppData\Local\Temp\360DrvMgr" >nul 2>&1 & CALL "C:\Users\Admin\AppData\Local\Temp\360DrvMgr\清理残留.bat"
2⤵
- Suspicious use of WriteProcessMemory
PID:1188

C:\Windows\system32\tasklist.exe
tasklist
3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:4716

C:\Windows\system32\find.exe
find /i "360DrvMgr.exe"
3⤵
PID:1208

C:\Windows\system32\taskkill.exe
taskkill /f /im DrvInst64.exe
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3676

C:\Windows\system32\taskkill.exe
taskkill /f /im 360DrvMgr.exe
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:5040

C:\Windows\system32\taskkill.exe
taskkill /f /im ScriptExecute.exe
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4972

C:\Windows\system32\taskkill.exe
taskkill /f /im ComputerZService.exe
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3788

C:\Windows\system32\reg.exe
reg delete "HKCU\SOFTWARE\360DrvMgr" /f
3⤵
PID:4980

C:\Windows\system32\reg.exe
reg delete "HKCU\SOFTWARE\LiveUpdate360" /f
3⤵
PID:4272

C:\Windows\system32\reg.exe
reg delete "HKCU\SOFTWARE\KitTipCLSID" /f
3⤵
PID:2228

C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\360DrvMgr" /f
3⤵
PID:3300

C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\360Safe\Liveup" /f
3⤵
PID:3312

C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\LiveUpdate360" /f
3⤵
PID:3196

C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\360DrvMgr" /f /reg:32
3⤵
PID:1676

C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\LiveUpdate360" /f /reg:32
3⤵
PID:3076

C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\360Safe\Liveup" /f /reg:32
3⤵
PID:4616

C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Tracing\360DrvMgr_RASAPI32" /f
3⤵
PID:5104

C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Tracing\360DrvMgr_RASAPI32" /f /reg:32
3⤵
PID:5084

C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Tracing\360DrvMgrInstaller_beta_RASAPI32" /f
3⤵
PID:5024

C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Tracing\360DrvMgrInstaller_beta_RASAPI32" /f /reg:32
3⤵
PID:5000

C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\360DrvMgr" /f
3⤵
PID:4892

C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360DrvMgr.exe" /f
3⤵
PID:3724

C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\360DrvMgr" /f /reg:32
3⤵
PID:1200

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c tasklist | find /i "360DrvMgr.exe" || rd /s /q "C:\Users\Admin\AppData\Local\Temp\360DrvMgr"
2⤵
- Suspicious use of WriteProcessMemory
PID:1028

C:\Windows\system32\tasklist.exe
tasklist
3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:400

C:\Windows\system32\find.exe
find /i "360DrvMgr.exe"
3⤵
PID:336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 112 -ip 112
1⤵
PID:920

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Process Discovery

T1057

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\360DrvMgr\187E~1.TXT
Filesize
3KB

MD5
67f07d6a49c881b76f5fe73eee27efc3

SHA1
146cd4e130faca9c29cd4062868f476cbad005c5

SHA256
6b167519cce5fe93a1238c0864a5cec3dc965db623dfce0d939a3a2df1f5becd

SHA512
024bbd5c661492e84730ecfb5c34d7f7807dfa8e9e0759a651c19edc0a738cffc8be373541f59d604a10f6a21bf91317305e8c4d4c7c71e24acbc869a97a8773

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\33D9~1.URL
Filesize
178B

MD5
6cc3a788993f98bd69fb0ed3af487173

SHA1
ecac237414ee963c9c7c8dda83a4b07de01a91e5

SHA256
324807cbf73a94cfba062fe61a2932a079f530213c9f051a4bc2ac2c15bc3f40

SHA512
06559f71ceafe0686e1ed30503dcc0b7c08322f6dc62a2de3c02e1fedc5fc9715d666537f3353bc03ef33badae2d0e28882183ce40c25c811cb11df3a0dfb1cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360Base.dll
Filesize
900KB

MD5
a73cf0457df35fab74ef3393d2766667

SHA1
c123e15967e7ab980eba5431a6993e646500befd

SHA256
df411ebc1b4a652a3822de0cebd5a48151abb3dd99c8c3d15f858401b27243fd

SHA512
faee2c8c3caf31ee2cceefadff4c442ef3aaed36fabf61a4217e1ba13b315808f09b575b5789ef7cc342cb16219afb4a1c4e7f7686ea8d079c9d7dd9ee782b90

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360Base.dll
Filesize
900KB

MD5
a73cf0457df35fab74ef3393d2766667

SHA1
c123e15967e7ab980eba5431a6993e646500befd

SHA256
df411ebc1b4a652a3822de0cebd5a48151abb3dd99c8c3d15f858401b27243fd

SHA512
faee2c8c3caf31ee2cceefadff4c442ef3aaed36fabf61a4217e1ba13b315808f09b575b5789ef7cc342cb16219afb4a1c4e7f7686ea8d079c9d7dd9ee782b90

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360DrvMgr.exe
Filesize
1.2MB

MD5
5e86a62187f2ec96762fee8e494480d6

SHA1
e82e60377404dc7a64d8eacf92fc418be1544eba

SHA256
df4042df0e4695d97793788aa99145b7bc4fc9cf488fd4c62e2e6b4799da72ba

SHA512
260f4afa562ebdd57ca7219a38bda60ee84c17ed9e926b68ba02359cfe436635b833327ce04b0c362a2684142869d27e03e417eee917a3edc8e94954556583e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360DrvMgr.exe
Filesize
1.2MB

MD5
5e86a62187f2ec96762fee8e494480d6

SHA1
e82e60377404dc7a64d8eacf92fc418be1544eba

SHA256
df4042df0e4695d97793788aa99145b7bc4fc9cf488fd4c62e2e6b4799da72ba

SHA512
260f4afa562ebdd57ca7219a38bda60ee84c17ed9e926b68ba02359cfe436635b833327ce04b0c362a2684142869d27e03e417eee917a3edc8e94954556583e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360LibDrvmgr.dat
Filesize
5KB

MD5
43fe8b284917d5370e8db8864c5e000d

SHA1
d39f269cf328a94fc6efd3bb8ee36e7b3617bb27

SHA256
06e23d8cd37597b320eac6a1f657739c6d1764fc90105fa2809c9417989abf4b

SHA512
0ae34360e6d7bb24803dfc76a01c30b0f2299a608aeb6116196aeb978a31dae96279ea5d0ab2873ee69555adf62cd9c7590e29f7dfa9fc708782723208c8a6f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360NetBase.dll
Filesize
1.4MB

MD5
14c6b4bbd31f6fd13530bc941cc71d1a

SHA1
ce4e38ac82a54f64d318507ddc28f9ffbb378f0f

SHA256
401d8529a84f1d80a439be8cd4e869202162458e5afb5e5bac97c4859bfe8eb5

SHA512
c16d525f1d3fc098b4d6c8b8a872a9013ef2f945f27af73ed7826f61a2b80d756ae5348105432909eccc71f03834cd1301f87fa5a0107e0c7137f5c8e3a3cc95

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360NetBase.dll
Filesize
1.4MB

MD5
14c6b4bbd31f6fd13530bc941cc71d1a

SHA1
ce4e38ac82a54f64d318507ddc28f9ffbb378f0f

SHA256
401d8529a84f1d80a439be8cd4e869202162458e5afb5e5bac97c4859bfe8eb5

SHA512
c16d525f1d3fc098b4d6c8b8a872a9013ef2f945f27af73ed7826f61a2b80d756ae5348105432909eccc71f03834cd1301f87fa5a0107e0c7137f5c8e3a3cc95

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360NetUL.dll
Filesize
241KB

MD5
240e9b9b2b3f2a134070b7d5084278d3

SHA1
a39ce3213f364ec8435833afa36619e6d6fd24b0

SHA256
003e2f8225ae4bfe3487dea759c6e44176fb96ff89fb162904c7c923e9c78720

SHA512
2cdd9cd946b4a6df110f22197290090c1b4b734c9b9120e6403866342b17c50cd8a71d566ff0f284a03b5202af9f06248de71da1314486dbed58a64225cf5745

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360P2SP.dll
Filesize
689KB

MD5
75ae5114927b0200ea73e016211ae572

SHA1
15ae658c082afcab51ade61b8ed6699a978b5e05

SHA256
8e38aeb187edd59329007fe10d2b509e5566256e993a127902d57bac66b17346

SHA512
ae65e304fc669b98c5d137c4e7cba591e075b9d1b588af1d7eea2458776c29b2a2ccd06ea37aeb89d0cd0ebcb155aec7a6a0a842da4ac36f9b512049967e59fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360net.dll
Filesize
477KB

MD5
2bca9e782840c8214dbc3ef6ee64404c

SHA1
9144db795c7b092ac55a5b59c0eb569e3432cfec

SHA256
1320ce2bf517978d3c65cf9cb8390318f3ea1896ef10a66b53a1832792341c62

SHA512
87188cdd4d581c9b20bb36451f0376837bfe5489b685dc28a902af441f0681ff89922138d1a160f4d926189b2ae491a7fb7158c60596116f9f09e6c9516d5c6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\419E~1.URL
Filesize
178B

MD5
6cc3a788993f98bd69fb0ed3af487173

SHA1
ecac237414ee963c9c7c8dda83a4b07de01a91e5

SHA256
324807cbf73a94cfba062fe61a2932a079f530213c9f051a4bc2ac2c15bc3f40

SHA512
06559f71ceafe0686e1ed30503dcc0b7c08322f6dc62a2de3c02e1fedc5fc9715d666537f3353bc03ef33badae2d0e28882183ce40c25c811cb11df3a0dfb1cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\7za.dll
Filesize
777KB

MD5
34f4329522a2b16d1bc9ad4ab58d9fc1

SHA1
04ec3c21a59a15a85b29bead3733f0ceccce8680

SHA256
fc07200668d45a640bbd5f6997851e31a20941fcb661f8e09469899becebdf8a

SHA512
ab8efc3dee9319401634dc3d8e6fe8282dc14a6058cf923af2d69656e58ed3724cfd5d466801fcf0bf53510f5b3197986972240693e4b1bbdcc9ae562ae0eb6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\811B~1.TXT
Filesize
8KB

MD5
8adba72730f3b771da178059c525e905

SHA1
ade040d5bebe9a0dea95a450a233ccd040e71059

SHA256
1a39e073ee8457bd745cb9f1e9068074de9d857a693d9fbb34427954551eae97

SHA512
d7b27a84515a64f4487d4938baf7bbea818f4455dee9a84138d9a034eeadc4406e2aa756013a971721fc63cc894a97caf79a03631981d934e1cc4d0f85ec62f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\COMPUT~1.DAT
Filesize
3.9MB

MD5
1bd204d7c5d14c607680557f37b04b90

SHA1
fbe84572551508f780b243e3c5419fbab9e14625

SHA256
ab9b0a2f098624faf35211ce1759f8815fa4c0989b15a5d4028f4a356bc4308f

SHA512
3dfd90d8d303bfb5f76f297a7af487e522267d05a3f78b45c67cecefaf5704ff87b37f9faae5f97c5638afe211c70d2a70ba4d5a0402593f23d78238548b6350

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\COMPUT~1.SET
Filesize
65B

MD5
2d190642e5162c95e649f0032cf66dae

SHA1
262f8e1e5fff6784f31eb1a33b72e91405595297

SHA256
54a58179f47494502dd6750e2dba0008fd08958f5945346bbd8af818f52a6b3b

SHA512
6e5aa767f214c86bd1f7216ef4203931019efb7f11900d755bd409329576e4a4d6bf458b62676feab7093c9734a486e759af012a1a4bd0d1d0b246b1f10f88d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ.set
Filesize
65B

MD5
2d190642e5162c95e649f0032cf66dae

SHA1
262f8e1e5fff6784f31eb1a33b72e91405595297

SHA256
54a58179f47494502dd6750e2dba0008fd08958f5945346bbd8af818f52a6b3b

SHA512
6e5aa767f214c86bd1f7216ef4203931019efb7f11900d755bd409329576e4a4d6bf458b62676feab7093c9734a486e759af012a1a4bd0d1d0b246b1f10f88d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ1.dll
Filesize
1.1MB

MD5
6dbf812d5b61f30a21ddccaec30b4452

SHA1
4778e2d043ac593193e5e15056bb98bba564c246

SHA256
197c529acff08fbc13b11010d95c270e50ddd867f783cfec598c5f831f847033

SHA512
7b9506902c1d0a6b8b74e068be87a7d4fec8a96b3d1b05d06d533d4ef995abc7e2ce24a8d37e38b19b62ad5b316e10831c220df44360a15a6b89e18767bea699

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ2.dll
Filesize
229KB

MD5
a75f38215a115f9260b58cdd935d7d81

SHA1
dbb7d9d7e69cd5f2f4cda49bebc0fd922316a866

SHA256
102459b35d0b36f915b2cafc2e083d95f4e042815c732a2520dfb646efae4cd1

SHA512
3eeacb82ed9e61d9dc8fec13c2f87fd07b90a5052dd1a3482ee4cdb5122db77587078e7966bf72d73b776973bac09f53f37081f4af0828f1a914c0cd31d03ce9

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ2.dll
Filesize
229KB

MD5
a75f38215a115f9260b58cdd935d7d81

SHA1
dbb7d9d7e69cd5f2f4cda49bebc0fd922316a866

SHA256
102459b35d0b36f915b2cafc2e083d95f4e042815c732a2520dfb646efae4cd1

SHA512
3eeacb82ed9e61d9dc8fec13c2f87fd07b90a5052dd1a3482ee4cdb5122db77587078e7966bf72d73b776973bac09f53f37081f4af0828f1a914c0cd31d03ce9

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ5.dll
Filesize
197KB

MD5
d8308aa7cc08c3a56c9187029db56702

SHA1
f8a1b97e321660d814d4d01f03911f6da0caed9d

SHA256
850bb1419ab0c93d524284a6c9c15db69a1e5328e9f84f06bb27ba5efb8a65b8

SHA512
0a6c757b3e5cfaf2de92e4f402dc97306a551244501d97a099ac2a586c7501f087fe7c82c8a81e95b4fea851a0690733c116345360b5dbeb343966fdbda08baa

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ5.dll
Filesize
197KB

MD5
d8308aa7cc08c3a56c9187029db56702

SHA1
f8a1b97e321660d814d4d01f03911f6da0caed9d

SHA256
850bb1419ab0c93d524284a6c9c15db69a1e5328e9f84f06bb27ba5efb8a65b8

SHA512
0a6c757b3e5cfaf2de92e4f402dc97306a551244501d97a099ac2a586c7501f087fe7c82c8a81e95b4fea851a0690733c116345360b5dbeb343966fdbda08baa

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZService.exe
Filesize
1.3MB

MD5
a6463f45cb2f8d43346d53d30df13b18

SHA1
74d3afb775ff5219064b0a10cc5ead1961fadd59

SHA256
403791380577b7de0e586bcb68eb395eebca6b30039d9fc0f7bca187421bcb96

SHA512
c5e1b8165c06fe4ffffc9cbd622b05b84160f51b0637fdde895f666907a502fcd7a7b994b08685f878b94ea18266e0ea5b4e515c459cb8ed1f70b0de45994d34

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZService.exe
Filesize
1.3MB

MD5
a6463f45cb2f8d43346d53d30df13b18

SHA1
74d3afb775ff5219064b0a10cc5ead1961fadd59

SHA256
403791380577b7de0e586bcb68eb395eebca6b30039d9fc0f7bca187421bcb96

SHA512
c5e1b8165c06fe4ffffc9cbd622b05b84160f51b0637fdde895f666907a502fcd7a7b994b08685f878b94ea18266e0ea5b4e515c459cb8ed1f70b0de45994d34

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ_HardwareDll.dll
Filesize
8.5MB

MD5
2bcee702e76853c61a3621e410521a20

SHA1
824a186e0f1d77692b416877c18d867885dc2dca

SHA256
14f5ffec3b83ed5831f7cd046552b9b224a6ec2613643f85c8cebfdf72df80d5

SHA512
f20fec854d0399d57e58b2056063be9414a0714c8938e914fbbab6cd1fc2eac09fb3919359eaee83284b60923f38252c417ce430c081dbf4bcfbf2c176fa20e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ_HardwareDll.dll
Filesize
8.5MB

MD5
2bcee702e76853c61a3621e410521a20

SHA1
824a186e0f1d77692b416877c18d867885dc2dca

SHA256
14f5ffec3b83ed5831f7cd046552b9b224a6ec2613643f85c8cebfdf72df80d5

SHA512
f20fec854d0399d57e58b2056063be9414a0714c8938e914fbbab6cd1fc2eac09fb3919359eaee83284b60923f38252c417ce430c081dbf4bcfbf2c176fa20e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\D58E~1.URL
Filesize
178B

MD5
6cc3a788993f98bd69fb0ed3af487173

SHA1
ecac237414ee963c9c7c8dda83a4b07de01a91e5

SHA256
324807cbf73a94cfba062fe61a2932a079f530213c9f051a4bc2ac2c15bc3f40

SHA512
06559f71ceafe0686e1ed30503dcc0b7c08322f6dc62a2de3c02e1fedc5fc9715d666537f3353bc03ef33badae2d0e28882183ce40c25c811cb11df3a0dfb1cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DIFxAPI_x86.dll
Filesize
311KB

MD5
1bd976dd77b31fe0f25708ad5c1351ae

SHA1
50d075688835df04484f0b93792a530cb47a1872

SHA256
b3c28941ceb057de44d9c322a38bb0f63c62d7ffbd91cf7970964413978f8eb7

SHA512
d58c2be88941c15214c51c59923437863a94db7b8080ead69017f7cce19d256dbe4d1d8498762476c75c26773dfba1aaff3bed615589ebf4b39df78df1b50b35

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DRVINS~1.EXE
Filesize
190KB

MD5
88b760633dda4594397b2f8b88d48183

SHA1
6b86e7419c64d20b66ccfcebadd7d9781bf62b34

SHA256
59624413da628923f722f24b407b18fccc9a8c7652042cf7d9d0f0b337d11148

SHA512
5071431448a5b95dddd55a01bd1ca2c3d97a6e5a7337203c51b877f804e61f46fc7e2970fef488c6a94ec045313e2a317a14c66627b0927ae1830cc13725d340

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DataMgr.dll
Filesize
664KB

MD5
af1cc0d945bceb82863195d11ad9827e

SHA1
215884e6188ebf94b73bffbff7e040e376954874

SHA256
18d8c74199c73a226436b3cbde6ce232b8aa30dabdc0dbb64e9dc52c18fa0a05

SHA512
39f1e822ea1b0f1ac292533df058977ece4386b7636256a4158f65c9f1e6ad05cc1c91f0edb19af03fe9b757661348256b667d285243db55404c42ea3e3d3daf

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DataMgr.dll
Filesize
664KB

MD5
af1cc0d945bceb82863195d11ad9827e

SHA1
215884e6188ebf94b73bffbff7e040e376954874

SHA256
18d8c74199c73a226436b3cbde6ce232b8aa30dabdc0dbb64e9dc52c18fa0a05

SHA512
39f1e822ea1b0f1ac292533df058977ece4386b7636256a4158f65c9f1e6ad05cc1c91f0edb19af03fe9b757661348256b667d285243db55404c42ea3e3d3daf

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DownloadMgr.dll
Filesize
445KB

MD5
29cf1d28db1a5c5d68b5e0cce6c81db0

SHA1
84af3d92647f8068bf6b20c2fb1937a2c1d05bb0

SHA256
b4e3b9f375c360eec4fe7d811e0476a9a8a03fc632d890342e4c5db957ef481e

SHA512
1c5bc96d1f6ebd4d5abbc2d06fea90cf5509fb258f3e691507a3c7f1d351b230bdb2848a4d50f40bc258daa9823f920730860d6f203356d7b7584c03ccdca6ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DownloadMgr.dll
Filesize
445KB

MD5
29cf1d28db1a5c5d68b5e0cce6c81db0

SHA1
84af3d92647f8068bf6b20c2fb1937a2c1d05bb0

SHA256
b4e3b9f375c360eec4fe7d811e0476a9a8a03fc632d890342e4c5db957ef481e

SHA512
1c5bc96d1f6ebd4d5abbc2d06fea90cf5509fb258f3e691507a3c7f1d351b230bdb2848a4d50f40bc258daa9823f920730860d6f203356d7b7584c03ccdca6ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DrvMgrUI.dll
Filesize
2.8MB

MD5
b7908211eda24ecaf531b7543dbdaf18

SHA1
2f4b4ee78ce39b75fe55ed5c0139e45a480ae94f

SHA256
99e389a8cd446838c421a4e988f4994c4d014495ef7e1dd0694d34a82faf4b68

SHA512
38c30560b732edebbe02b7f2ec3d6e3a16ee3899c4be114a949e980f4a8cfb59c162ab587c2a717681c7eaaac54552823f0640b77f4174c941751666624343e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DrvMgrUI.dll
Filesize
2.8MB

MD5
b7908211eda24ecaf531b7543dbdaf18

SHA1
2f4b4ee78ce39b75fe55ed5c0139e45a480ae94f

SHA256
99e389a8cd446838c421a4e988f4994c4d014495ef7e1dd0694d34a82faf4b68

SHA512
38c30560b732edebbe02b7f2ec3d6e3a16ee3899c4be114a949e980f4a8cfb59c162ab587c2a717681c7eaaac54552823f0640b77f4174c941751666624343e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DrvmgrCore.dll
Filesize
1.3MB

MD5
ff8e2fcd5966c428452ebb0df4663d79

SHA1
d155f1c341adc9ae94f4e8fa85ec0cbe4e5ee41d

SHA256
e0ac7f1f166f819bf3145029153ed7fe43fcf8ca86ecaad7595f9d0ea762d94b

SHA512
7b4a67397418e6d3f560f65ba25dcec28a6c3774abecb0b9c10ffa566ca29b438c1d1a7789df1de7589027211280f57999ef5c552b835a0e798238f6e5b33a64

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DrvmgrCore.dll
Filesize
1.3MB

MD5
ff8e2fcd5966c428452ebb0df4663d79

SHA1
d155f1c341adc9ae94f4e8fa85ec0cbe4e5ee41d

SHA256
e0ac7f1f166f819bf3145029153ed7fe43fcf8ca86ecaad7595f9d0ea762d94b

SHA512
7b4a67397418e6d3f560f65ba25dcec28a6c3774abecb0b9c10ffa566ca29b438c1d1a7789df1de7589027211280f57999ef5c552b835a0e798238f6e5b33a64

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\LiveUpd360.dll
Filesize
593KB

MD5
e2ab61cd7dd7c8443719460140737b09

SHA1
d07424aaf894aa68bab5c7cc829e54f69f466338

SHA256
0439f9f3a68e14ee28c718ac334f9318f97858ab5430e4fa2e82eb355ed446d6

SHA512
c608aa5fd10849f5efcc74ffb02bfc59c1cd943154b30f2e2174e30543708f3b92d020d39ae36b9dd2e90c2171863b5a610ab18248d430c974853fe0a810df60

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\MiniUI.dll
Filesize
901KB

MD5
043365f793b1672fc80aaebde3b22929

SHA1
be526a544e7af66b573b29ee7100374e9deb9a1f

SHA256
2bf36c7813e8410e2ef442158e4089f5c5fa512684848f421cd4b08f1eca1d23

SHA512
efb94e1447842254992f67ad2bcc8ebd1862894019e612d680a3b69a4ec9aaef787bddd155775842baf225b9dea05feaef37db26808fc8516851f995a0b62530

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\MiniUI.dll
Filesize
901KB

MD5
043365f793b1672fc80aaebde3b22929

SHA1
be526a544e7af66b573b29ee7100374e9deb9a1f

SHA256
2bf36c7813e8410e2ef442158e4089f5c5fa512684848f421cd4b08f1eca1d23

SHA512
efb94e1447842254992f67ad2bcc8ebd1862894019e612d680a3b69a4ec9aaef787bddd155775842baf225b9dea05feaef37db26808fc8516851f995a0b62530

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ScriptExecute.exe
Filesize
790KB

MD5
104c63cd4e72a2c2c19828938ea5a6d9

SHA1
839a489ae97e2e71794c6076b97df1335df1f614

SHA256
6a9dfc520cb9b164ce0858502b7fd0e3d09399c3a75c97ef4b12e866419de4c3

SHA512
967d5b1d4a52aab71cfaa67091862f3d451cdb6374576ed9aa79e2f6dd75230a848f48382180acfffa37ae4d5643280aa963bc15a34166c79223f234d0f48f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ScriptExecute.exe
Filesize
790KB

MD5
104c63cd4e72a2c2c19828938ea5a6d9

SHA1
839a489ae97e2e71794c6076b97df1335df1f614

SHA256
6a9dfc520cb9b164ce0858502b7fd0e3d09399c3a75c97ef4b12e866419de4c3

SHA512
967d5b1d4a52aab71cfaa67091862f3d451cdb6374576ed9aa79e2f6dd75230a848f48382180acfffa37ae4d5643280aa963bc15a34166c79223f234d0f48f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\SignHelper.dll
Filesize
139KB

MD5
a60df7bdf1ab9583e8bf7b38f2eca0a3

SHA1
528064b42f0470e785e896df67b41c6335f176a6

SHA256
4c20f1868b4ee71cca4d399b947f7942460a4074f2942ba90f382c2476b96978

SHA512
7fd219bf83e63dae70dfc79ad1978cefa4a9aec27b69f6e7f0b6e26678c988f8e4dda88f8d000cc20a1b0fdcdd69c24c56eab9a70c242630e902fe1b2d47eea2

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\TempMonitor.dll
Filesize
133KB

MD5
8ad107056ef085883c5a4f3e6734afc1

SHA1
d8fe184d16280c582f03e3823794dfe76f8cb5bb

SHA256
c1965d9ca60afabe4af635e86e579f5706581f318bc4b488dc5b3af6c36cce29

SHA512
3da4f0393153ed7ad7ffe3a8ff2079c078fd4c6a19b69b70957998cbab0bb3363e774be74625f6a60d1d47037f1955c47de6e910f6a19dbe6fe27fb9ff988e07

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\TempMonitor.dll
Filesize
133KB

MD5
8ad107056ef085883c5a4f3e6734afc1

SHA1
d8fe184d16280c582f03e3823794dfe76f8cb5bb

SHA256
c1965d9ca60afabe4af635e86e579f5706581f318bc4b488dc5b3af6c36cce29

SHA512
3da4f0393153ed7ad7ffe3a8ff2079c078fd4c6a19b69b70957998cbab0bb3363e774be74625f6a60d1d47037f1955c47de6e910f6a19dbe6fe27fb9ff988e07

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\atiags32.dll
Filesize
196KB

MD5
a1f7d080d2a00a9ddca9a469c29663c0

SHA1
9fa6b676b9509eead040415ca13a097118ae2175

SHA256
81b7e8a1c0073f6b7c4188216a94e5ab6420844e1acb122d93fab4c6bc14eebe

SHA512
eef12054ace42f07b05b371aa51164bbbfd65120b111e375eaec30537c232ae85022dd1bf424ed94a8d97eb216919cc5857e332029778b93faa8064555e4e07e

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\cacert.dat
Filesize
2KB

MD5
e10c92a310813373102fe1b5ac4ca476

SHA1
60bd6efd052102371df2586fa1e38d273381c11a

SHA256
2f8436d3568fa6bba1bebf367db6f50e1a0c4e0c38544a268eb5e01b30191776

SHA512
adc230eca39e7e92cc8628f8a9f0010f96d988d24dc02524a5c6a3d7faffae407ae646cb21433a4a78497b95eb9c1324558885ab365ea5c3825c41a279ea97f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\config\config.xml
Filesize
978B

MD5
583e167ba709fec11044409c6b09d04f

SHA1
27b363d8b5dee2df351a5d41e6f14b6156db190f

SHA256
ea5f4faf853767718beef85023fcd9e13cca2127ebb3c17331903779db2916a0

SHA512
bebb16e99340d9264b7ae4cfd1562243a8cef688d3585968046c68020f19de587668485017f74368c20b686f5543bb319cc02665a3cdbb890eb47ffa4ce2a20e

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\config\defaultskin\defaultskin.ui
Filesize
156KB

MD5
0cc06e728803d0cdeedda92e04313e6c

SHA1
62e897041bdbf18ca65f6c452abcb557e17c0ded

SHA256
3fb6414e92be15821c674a6e72295e75747e9734c827ac14e85479d4720f2b33

SHA512
72afb68bf2078e459cf2e37481c61ff172dd224f5b089bf9903b0c55660aecfdcb98622c0b04fe88edae0e2e25c0eb640cffafc7343bbe5d67ef137397678936

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\config\defaultskin\miniui.xml
Filesize
8KB

MD5
1c7fad425e4dc4787174876b6725c5de

SHA1
6bf7f9afb666636bea1cef7eca6ebc32f4b344a2

SHA256
ee451d9f3d84226bcd456f193e1e79ebfbd1f24b961b25770c40df93ee7ca494

SHA512
ab02ca7851e6a859244edea31b3cf931a14937ec9ad2274c49a1aedb5a258360f653d7d5e76b9c6166633c4c284db9be277ae584d89641a99da3c77564f8b57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\dynlenv.dll
Filesize
548KB

MD5
61bda655c88ce843905ce63a2d5669e4

SHA1
532304d12d6e1a740e01cf03b3439301d2c6c85d

SHA256
fa7daa6a0e13f9112de63313caf4d06081aee0c7e79b5937cff0519bb4c0bbd4

SHA512
ad9c4f862747ff55ac506ea8b9d4a84a7d0c15d9cb8e9c987722141b9c33957d6aed44b59f0d85a068431ec2b85061b6c27d38011b8dca1675905aaaf6e37bf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\log\COMPUT~1.LOG
Filesize
75KB

MD5
18ff0812f49279d5306ca7fc4cdc99ce

SHA1
093b81aa33a4bbd21d673fefef3c499ec8c7cca8

SHA256
299a637d46cf16e473e6f08198de5def7e1a90a56350dfc06022ee4fbb57e6fb

SHA512
93db562648575d715a8c60bd10a0c7ca5fc3207565fc02444ce4cb091a544672d24f801c239459152d375cfa65026117657b3f165258e1cea38554257aeda5d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\pdown.dll
Filesize
230KB

MD5
48a849ff04150b2ec0836ab6bb32590a

SHA1
1f52bbcd5d124de15c27cf5ea84e14cb9a87f6a3

SHA256
ded09df700ef458322b6160edd39adb103c03cef3c6ffbce2ee096ce1fd33d62

SHA512
b0b23e540102b16c4ed9ac05f1ac353bf0d19e0c2b0880cec1fa2e9292030e1c5a75694176ac428c7de55588cf503ab36643d2db8c1fec3543daf3aeeb53a680

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\pdown.dll
Filesize
230KB

MD5
48a849ff04150b2ec0836ab6bb32590a

SHA1
1f52bbcd5d124de15c27cf5ea84e14cb9a87f6a3

SHA256
ded09df700ef458322b6160edd39adb103c03cef3c6ffbce2ee096ce1fd33d62

SHA512
b0b23e540102b16c4ed9ac05f1ac353bf0d19e0c2b0880cec1fa2e9292030e1c5a75694176ac428c7de55588cf503ab36643d2db8c1fec3543daf3aeeb53a680

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\清理残留.bat
Filesize
1KB

MD5
7d9f54490813dcf4a8f681f2e2e80bb3

SHA1
0794c3fe73a2aa8989b438dcedb7be751a02f4e8

SHA256
de490388bd1d840743a189d6ea4f2873a8418fccdfd634c2aa51dc5e0163dc9f

SHA512
5ee62f5f0feb15ae0329d7a8e9b99adce97e937d86539cf79edca6d8714c8bdb3e172d2fafbdaba70b427c4379cc498e5f1aed4ddf81005cb2bc2d537c6a7966

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\转载请保留并注明出处.url
Filesize
178B

MD5
6cc3a788993f98bd69fb0ed3af487173

SHA1
ecac237414ee963c9c7c8dda83a4b07de01a91e5

SHA256
324807cbf73a94cfba062fe61a2932a079f530213c9f051a4bc2ac2c15bc3f40

SHA512
06559f71ceafe0686e1ed30503dcc0b7c08322f6dc62a2de3c02e1fedc5fc9715d666537f3353bc03ef33badae2d0e28882183ce40c25c811cb11df3a0dfb1cf

Download Submit
C:\Users\Admin\AppData\Roaming\360DrvMgr\360DRV~1.DAT
Filesize
387B

MD5
4517cd78f265fb2ec84cccf5108dfe40

SHA1
3862ed9c206d26c982e3e6ed52f7af8839f63d7f

SHA256
3116e9300c2b3e82110f1b11ad8437d7cff5583d376fdf555d834352b1a8bef8

SHA512
a8727425a88c10f27eb9acd62c7b8650b4004eaccc413f2a1d199bddcde3726b78b7a75456910fa7170ab5bb305773990e2e9eaea92f6cda5f20538b491d797d

Download Submit
C:\Users\Admin\AppData\Roaming\360DrvMgr\Config.ini
Filesize
57B

MD5
af52d6fb8cb6b87a5ccc3d2ece2562c5

SHA1
b3b381e0b77a7fc85efb8b822824b3806e743181

SHA256
204cde7d986ab8fde7defcf30c34d8540d6280e8734e0ff9fe1c683c13ed1bff

SHA512
4a4409fa03eff4ebe73a9f5ebaf431db498dc2dff45e2c033503c2423ceb88a316868b84104e2759b27b1b3c5dbbacdac3244f52ab8ad84f4ac3436fa0d86ae2

Download Submit
C:\Users\Admin\AppData\Roaming\360DrvMgr\config.ini
Filesize
57B

MD5
af52d6fb8cb6b87a5ccc3d2ece2562c5

SHA1
b3b381e0b77a7fc85efb8b822824b3806e743181

SHA256
204cde7d986ab8fde7defcf30c34d8540d6280e8734e0ff9fe1c683c13ed1bff

SHA512
4a4409fa03eff4ebe73a9f5ebaf431db498dc2dff45e2c033503c2423ceb88a316868b84104e2759b27b1b3c5dbbacdac3244f52ab8ad84f4ac3436fa0d86ae2

Download Submit
memory/112-231-0x0000000077580000-0x0000000077590000-memory.dmp

Filesize
64KB

Download
memory/112-247-0x0000000077580000-0x0000000077590000-memory.dmp

Filesize
64KB

Download
memory/112-248-0x00000000039A0000-0x00000000039A1000-memory.dmp

Filesize
4KB

Download
memory/112-311-0x0000000003940000-0x000000000397B000-memory.dmp

Filesize
236KB

Download
memory/640-313-0x0000000077540000-0x0000000077550000-memory.dmp

Filesize
64KB

Download
memory/640-315-0x0000000077540000-0x0000000077550000-memory.dmp

Filesize
64KB

Download
memory/1328-259-0x0000000077580000-0x0000000077590000-memory.dmp

Filesize
64KB

Download
memory/1328-326-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1328-325-0x0000000002C30000-0x0000000002C6B000-memory.dmp

Filesize
236KB

Download
memory/1328-319-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1328-318-0x0000000002C30000-0x0000000002C6B000-memory.dmp

Filesize
236KB

Download