7a35601d4455c9f825f00851030411de5a1d8a7d78676f617ce40ed048bd4d81

Analysis

max time kernel
251s
max time network
276s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
30-03-2023 23:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exe
Size

89.4MB
MD5

fd9917b755bdabe949025524ceb36584
SHA1

26cc325a57efc15d6e1b3c8d0138934c4dcb7580
SHA256

7a35601d4455c9f825f00851030411de5a1d8a7d78676f617ce40ed048bd4d81
SHA512

96ba9d1b7b7dcc7edc2185cb905797c8bf0fe540675898c0ca92e8ae2f473d03e545943a315185026a6dee0f0596a73cf63c5681b58c46b208b2c4cad4a24148
SSDEEP

1572864:tAoKva04914hNG4E0oiK2voCs+u4+lmxsKDs5XbiT9sEKmWEZNmsQ7D8J3C:2thg4E0oGgCml4sxy6mbasSD8J3C

Score

8^/10

bootkit discovery persistence

Malware Config

Signatures

Modifies Installed Components in the registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exe

Executes dropped EXE 2 IoCs

Processes:

360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exeWscReg.exe

pid process

1480 360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exe
3044 WscReg.exe

pid	process
1480	360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exe
3044	WscReg.exe

Loads dropped DLL 3 IoCs

Processes:

360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exe360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exe

pid	process
2056	360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exe
1480	360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exe
1480	360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

explorer.exe

description ioc process

File opened (read-only) \??\D: explorer.exe

description	ioc	process
File opened (read-only)	\??\D:	explorer.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

Processes:

360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exe

Drops file in Program Files directory 3 IoCs

Processes:

description	ioc	process
File opened for modification	C:\Program Files (x86)\1680224748_0\360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exe	360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exe
File created	C:\Program Files (x86)\360\Total Security\writeable_test_240684500.dat	360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exe
File created	C:\Program Files (x86)\1680224748_0\360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exe	360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exe

Checks SCSI registry key(s) 3 TTPs 42 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

explorer.exetaskmgr.exetaskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	explorer.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Modifies registry class 10 IoCs

Processes:

explorer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHos = 6801000088020000	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1675742406-747946869-1029867430-1000\{4245D226-DFFF-47C8-8D7C-9463ADCB67C0}	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	explorer.exe

Suspicious behavior: EnumeratesProcesses 51 IoCs

Processes:

taskmgr.exetaskmgr.exeWscReg.exe

pid	process
3224	taskmgr.exe
3224	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3044	WscReg.exe
3044	WscReg.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exeexplorer.exe

pid process

1480 360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exe
4428 explorer.exe

pid	process
1480	360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exe
4428	explorer.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

taskmgr.exetaskmgr.exeexplorer.exe

description	pid	process
Token: SeDebugPrivilege	3224	taskmgr.exe
Token: SeSystemProfilePrivilege	3224	taskmgr.exe
Token: SeCreateGlobalPrivilege	3224	taskmgr.exe
Token: 33	3224	taskmgr.exe
Token: SeIncBasePriorityPrivilege	3224	taskmgr.exe
Token: SeDebugPrivilege	3292	taskmgr.exe
Token: SeSystemProfilePrivilege	3292	taskmgr.exe
Token: SeCreateGlobalPrivilege	3292	taskmgr.exe
Token: 33	3292	taskmgr.exe
Token: SeIncBasePriorityPrivilege	3292	taskmgr.exe
Token: SeShutdownPrivilege	4428	explorer.exe
Token: SeCreatePagefilePrivilege	4428	explorer.exe
Token: SeShutdownPrivilege	4428	explorer.exe
Token: SeCreatePagefilePrivilege	4428	explorer.exe
Token: SeShutdownPrivilege	4428	explorer.exe
Token: SeCreatePagefilePrivilege	4428	explorer.exe
Token: SeShutdownPrivilege	4428	explorer.exe
Token: SeCreatePagefilePrivilege	4428	explorer.exe
Token: SeShutdownPrivilege	4428	explorer.exe
Token: SeCreatePagefilePrivilege	4428	explorer.exe
Token: SeShutdownPrivilege	4428	explorer.exe
Token: SeCreatePagefilePrivilege	4428	explorer.exe
Token: SeShutdownPrivilege	4428	explorer.exe
Token: SeCreatePagefilePrivilege	4428	explorer.exe
Token: SeShutdownPrivilege	4428	explorer.exe
Token: SeCreatePagefilePrivilege	4428	explorer.exe
Token: SeShutdownPrivilege	4428	explorer.exe
Token: SeCreatePagefilePrivilege	4428	explorer.exe
Token: SeShutdownPrivilege	4428	explorer.exe
Token: SeCreatePagefilePrivilege	4428	explorer.exe
Token: SeShutdownPrivilege	4428	explorer.exe
Token: SeCreatePagefilePrivilege	4428	explorer.exe
Token: SeShutdownPrivilege	4428	explorer.exe
Token: SeCreatePagefilePrivilege	4428	explorer.exe
Token: SeShutdownPrivilege	4428	explorer.exe
Token: SeCreatePagefilePrivilege	4428	explorer.exe
Token: SeShutdownPrivilege	4428	explorer.exe
Token: SeCreatePagefilePrivilege	4428	explorer.exe
Token: SeShutdownPrivilege	4428	explorer.exe
Token: SeCreatePagefilePrivilege	4428	explorer.exe
Token: SeShutdownPrivilege	4428	explorer.exe
Token: SeCreatePagefilePrivilege	4428	explorer.exe
Token: SeShutdownPrivilege	4428	explorer.exe
Token: SeCreatePagefilePrivilege	4428	explorer.exe
Token: SeShutdownPrivilege	4428	explorer.exe
Token: SeCreatePagefilePrivilege	4428	explorer.exe
Token: SeShutdownPrivilege	4428	explorer.exe
Token: SeCreatePagefilePrivilege	4428	explorer.exe
Token: SeShutdownPrivilege	4428	explorer.exe
Token: SeCreatePagefilePrivilege	4428	explorer.exe
Token: SeShutdownPrivilege	4428	explorer.exe
Token: SeCreatePagefilePrivilege	4428	explorer.exe
Token: SeShutdownPrivilege	4428	explorer.exe
Token: SeCreatePagefilePrivilege	4428	explorer.exe
Token: SeShutdownPrivilege	4428	explorer.exe
Token: SeCreatePagefilePrivilege	4428	explorer.exe
Token: SeShutdownPrivilege	4428	explorer.exe
Token: SeCreatePagefilePrivilege	4428	explorer.exe
Token: SeShutdownPrivilege	4428	explorer.exe
Token: SeCreatePagefilePrivilege	4428	explorer.exe
Token: SeShutdownPrivilege	4428	explorer.exe
Token: SeCreatePagefilePrivilege	4428	explorer.exe
Token: SeShutdownPrivilege	4428	explorer.exe
Token: SeCreatePagefilePrivilege	4428	explorer.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

taskmgr.exetaskmgr.exe

pid	process
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

taskmgr.exetaskmgr.exe

pid	process
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3224	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe
3292	taskmgr.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

description	pid	process	target process
PID 2056 wrote to memory of 1480	2056	360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exe	360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exe
PID 2056 wrote to memory of 1480	2056	360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exe	360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exe
PID 2056 wrote to memory of 1480	2056	360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exe	360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exe
PID 1480 wrote to memory of 3044	1480	360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exe	WscReg.exe
PID 1480 wrote to memory of 3044	1480	360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exe	WscReg.exe
PID 1480 wrote to memory of 3044	1480	360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exe	WscReg.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exe
"C:\Users\Admin\AppData\Local\Temp\360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2056

C:\Program Files (x86)\1680224748_0\360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exe
"C:\Program Files (x86)\1680224748_0\360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exe" /TSinstall
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:1480

C:\Users\Admin\AppData\Local\Temp\1680224810_00000000_wscreg\WscReg.exe
/regas:1_1
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3044

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3224

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3292

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\SplitComplete.js"
1⤵
PID:4588

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\SplitComplete.js"
1⤵
PID:4036

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\a8eb3b341a2d4576a85a33831b0431e6 /t 3240 /p 3236
1⤵
PID:3908

C:\Windows\explorer.exe
explorer.exe
1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:4428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\UpdateUnlock.html
2⤵
PID:8

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\RenameExport.jpeg" /ForceBootstrapPaint3D
2⤵
PID:1004

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\a4e9f5596c4540e8a927b57f9ee38b16 /t 4656 /p 4428
1⤵
PID:1272

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:1636

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3464

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\1680224748_0\360TS_Setup_10.8.0.1541.h2.BIZ.ACNT_424260.kfa9S9jk2zVDzFgPjIDUSaITNWJYfjg-2Gs0uPb5yA6-rFz6lpOb_HgRVv-z5IFR.tsb.exe
Filesize
89.4MB

MD5
fd9917b755bdabe949025524ceb36584

SHA1
26cc325a57efc15d6e1b3c8d0138934c4dcb7580

SHA256
7a35601d4455c9f825f00851030411de5a1d8a7d78676f617ce40ed048bd4d81

SHA512
96ba9d1b7b7dcc7edc2185cb905797c8bf0fe540675898c0ca92e8ae2f473d03e545943a315185026a6dee0f0596a73cf63c5681b58c46b208b2c4cad4a24148

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
Filesize
64KB

MD5
d2fb266b97caff2086bf0fa74eddb6b2

SHA1
2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

SHA256
b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

SHA512
c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
Filesize
944B

MD5
6bd369f7c74a28194c991ed1404da30f

SHA1
0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

SHA256
878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

SHA512
8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

Download Submit
C:\Users\Admin\AppData\Local\Temp\1680224748_00000000_base\360base.dll
Filesize
884KB

MD5
8c42fc725106cf8276e625b4f97861bc

SHA1
9c4140730cb031c29fc63e17e1504693d0f21c13

SHA256
d1ca92aa0789ee87d45f9f3c63e0e46ad2997b09605cbc2c57da2be6b8488c22

SHA512
f3c33dfe8e482692d068bf2185bec7d0d2bb232e6828b0bc8dc867da9e7ca89f9356fde87244fe686e3830f957c052089a87ecff4e44842a1a7848246f0ba105

Download Submit
C:\Users\Admin\AppData\Local\Temp\1680224748_00000000_base\360base.dll
Filesize
884KB

MD5
8c42fc725106cf8276e625b4f97861bc

SHA1
9c4140730cb031c29fc63e17e1504693d0f21c13

SHA256
d1ca92aa0789ee87d45f9f3c63e0e46ad2997b09605cbc2c57da2be6b8488c22

SHA512
f3c33dfe8e482692d068bf2185bec7d0d2bb232e6828b0bc8dc867da9e7ca89f9356fde87244fe686e3830f957c052089a87ecff4e44842a1a7848246f0ba105

Download Submit
C:\Users\Admin\AppData\Local\Temp\1680224788_00000000_base\360base.dll
Filesize
884KB

MD5
8c42fc725106cf8276e625b4f97861bc

SHA1
9c4140730cb031c29fc63e17e1504693d0f21c13

SHA256
d1ca92aa0789ee87d45f9f3c63e0e46ad2997b09605cbc2c57da2be6b8488c22

SHA512
f3c33dfe8e482692d068bf2185bec7d0d2bb232e6828b0bc8dc867da9e7ca89f9356fde87244fe686e3830f957c052089a87ecff4e44842a1a7848246f0ba105

Download Submit
C:\Users\Admin\AppData\Local\Temp\1680224810_00000000_wscreg\WscReg.exe
Filesize
2.9MB

MD5
c7dbfd0d17929c83f12080eb4680595f

SHA1
210f608a7929bf4085815522ffe2695063125e69

SHA256
a628b37df526093026862a1180484beece436b5dfba83648551fe57ce9a5dd75

SHA512
7d8d5b387cf65920e7a1f2aa7c0ce111eb5d600fe69ec48c66f3bf05c870dad0e34d9637b1852af0f379495bc3ebc277d130d14701e2b4114f8d50bab057c5f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\1680224810_00000000_wscreg\WscReg.exe
Filesize
2.9MB

MD5
c7dbfd0d17929c83f12080eb4680595f

SHA1
210f608a7929bf4085815522ffe2695063125e69

SHA256
a628b37df526093026862a1180484beece436b5dfba83648551fe57ce9a5dd75

SHA512
7d8d5b387cf65920e7a1f2aa7c0ce111eb5d600fe69ec48c66f3bf05c870dad0e34d9637b1852af0f379495bc3ebc277d130d14701e2b4114f8d50bab057c5f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230331010636_240670125\7z.dll
Filesize
1.1MB

MD5
e74067bfda81cd82fe3a5fc2fdb87e2b

SHA1
de961204751d9af1bab9c2a9ba16edc7a4ae7388

SHA256
898bf5db34d9997b3d90b87091f34ae4e3e9cf34b6f2ae7fb8fd86e8a1bb684e

SHA512
c0b1d851d97df2635b865d7f0a252881eef622363e08190e1f45ec308fdbd81f94ece53a6c2b1b36c38fcb82c2b8262f31a936a399cee567631b9146cf3ef60a

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230331010636_240670125\temp_files\config\lang\de\SysSweeper.ui.dat
Filesize
102KB

MD5
98a38dfe627050095890b8ed217aa0c5

SHA1
3da96a104940d0ef2862b38e65c64a739327e8f8

SHA256
794331c530f22c2390dd44d18e449c39bb7246868b07bdf4ff0be65732718b13

SHA512
fb417aa5de938aaf01bb9a07a3cd42c338292438f5a6b17ef1b8d800a5605c72df81d3bae582e17162f6b1c5008fd63035fa7a637e07e2697cb1b34f9197a0cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230331010636_240670125\temp_files\i18n\en\ipc\appmon.dat
Filesize
28KB

MD5
9a6ba86a05fa29b2060add92e29f74c2

SHA1
eb0f407816d001283ce8e35a46702506232e4659

SHA256
1acdbe9ac338df8714ad24110c651932a29a6c1fdf8bda40d8351aa025694f8b

SHA512
fb3aea6ce2cbc624bb2f8952eed26c263a99a6fbe1b7ed6bea6581984728918655bf1643d2f4fe77a4e7e472b97cf68bbe73d20220a01e27f91e6d48e029a2d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230331010636_240670125\temp_files\i18n\es\deepscan\dsurls.dat
Filesize
1KB

MD5
69d457234e76bc479f8cc854ccadc21e

SHA1
7f129438445bb1bde6b5489ec518cc8f6c80281b

SHA256
b0355da8317155646eba806991c248185cb830fe5817562c50af71d297f269ee

SHA512
200de0ffce7294266491811c6c29c870a5bc21cdf29aa626fc7a41d24faf1bfe054920bd8862784feaba75ba866b8ab5fd65df4df1e3968f78795ab1f4ad0d23

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230331010636_240670125\temp_files\i18n\es\ipc\360ipc.dat
Filesize
1KB

MD5
ea5fdb65ac0c5623205da135de97bc2a

SHA1
9ca553ad347c29b6bf909256046dd7ee0ecdfe37

SHA256
0ba4355035fb69665598886cb35359ab4b07260032ba6651a9c1fcea2285726d

SHA512
bb9123069670ac10d478ba3aed6b6587af0f077d38ca1e2f341742eaf642a6605862d3d4dbf687eb7cb261643cf8c95be3fba1bfa0ee691e8e1ed17cc487b11e

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230331010636_240670125\temp_files\i18n\es\ipc\360netd.dat
Filesize
43KB

MD5
d89ff5c92b29c77500f96b9490ea8367

SHA1
08dd1a3231f2d6396ba73c2c4438390d748ac098

SHA256
3b5837689b4339077ed90cfeb937d3765dda9bc8a6371d25c640dfcee296090a

SHA512
88206a195cd3098b46eec2c8368ddc1f90c86998d7f6a8d8ec1e57ae201bc5939b6fe6551b205647e20e9a2d144abd68f64b75edd721342861acb3e12450060d

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230331010636_240670125\temp_files\i18n\es\ipc\360netr.dat
Filesize
1KB

MD5
db5227079d3ca5b34f11649805faae4f

SHA1
de042c40919e4ae3ac905db6f105e1c3f352fb92

SHA256
912102c07fcabe6d8a018de20b2ad97ea5f775dcb383cd3376168b7ebf8f9238

SHA512
519ab81d0c3391f88050e5d7a2e839913c45c68f26dabad34c06c461ddb84c781bf7224e4d093462c475700e706eef562d1210cee3dba00a985d8dadbf165c5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230331010636_240670125\temp_files\i18n\es\ipc\filemon.dat
Filesize
15KB

MD5
bfed06980072d6f12d4d1e848be0eb49

SHA1
bb5dd7aa1b6e4242b307ea7fabac7bc666a84e3d

SHA256
b065e3e3440e1c83d6a4704acddf33e69b111aad51f6d4194d6abc160eccfdc2

SHA512
62908dd2335303da5ab41054d3278fe613ed9031f955215f892f0c2bb520ce1d26543fa53c75ce5da4e4ecf07fd47d4795fafbdb6673fac767b37a4fa7412d08

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230331010636_240670125\temp_files\i18n\es\ipc\regmon.dat
Filesize
30KB

MD5
9f2a98bad74e4f53442910e45871fc60

SHA1
7bce8113bbe68f93ea477a166c6b0118dd572d11

SHA256
1c743d2e319cd63426f05a3c51dfea4c4f5b923c96f9ecce7fcf8d4d46a8c687

SHA512
a8267905058170ed42ba20fe9e0a6274b83dcda0dd8afa77cbff8801ed89b1f108cfe00a929f2e7bbae0fc079321a16304d69c16ec9552c80325db9d6d332d10

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230331010636_240670125\temp_files\i18n\es\libdefa.dat
Filesize
319KB

MD5
aeb5fab98799915b7e8a7ff244545ac9

SHA1
49df429015a7086b3fb6bb4a16c72531b13db45f

SHA256
19fa3cbec353223c9e376b7e06f050cc27b3c12d255fdcb5c36342fa3febbec4

SHA512
2d98ed2e9c26a61eb2f1a7beb8bd005eb4d3d0dac297c93faaf61928a05fb1c6343bb7a6b2c073c6520c81befdb51c87383eab8e7ca49bb060b344f2cf08f4d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230331010636_240670125\temp_files\i18n\es\safemon\drvmon.dat
Filesize
5KB

MD5
c2a0ebc24b6df35aed305f680e48021f

SHA1
7542a9d0d47908636d893788f1e592e23bb23f47

SHA256
5ee31b5ada283f63ac19f79b3c3efc9f9e351182fcabf47ffccdd96060bfa2cf

SHA512
ea83e770ad03b8f9925654770c5fd7baf2592d6d0dd5b22970f38b0a690dfd7cb135988548547e62cca5f09cb737224bbb8f2c15fe3b9b02b996c319f6e271ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230331010636_240670125\temp_files\i18n\fr\deepscan\art.dat
Filesize
38KB

MD5
0297d7f82403de0bb5cef53c35a1eba1

SHA1
e94e31dcd5c4b1ff78df86dbef7cd4e992b5d8a8

SHA256
81adb709eec2dfb3e7b261e3e279adf33de00e4d9729f217662142f591657374

SHA512
ce8983e3af798f336e34343168a14dc04e4be933542254ce14ff755d5eb2bcb6e745eda488bc24be2b323119006cf0bdb392c7b48558ca30f7f2e170a061a75e

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230331010636_240670125\temp_files\i18n\fr\deepscan\dsr.dat
Filesize
58KB

MD5
504461531300efd4f029c41a83f8df1d

SHA1
2466e76730121d154c913f76941b7f42ee73c7ae

SHA256
4649eedc3bafd98c562d4d1710f44de19e8e93e3638bc1566e1da63d90cb04ad

SHA512
f7dd16173120dbfe2dabeab0c171d7d5868fd3107f13c2967183582fd23fd96c7eeca8107463a4084ad9f8560cd6447c35dc18b331fd3f748521518ac8e46632

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230331010636_240670125\temp_files\i18n\hi\deepscan\dsconz.dat
Filesize
18KB

MD5
f76cd5b5dbcccd3a21df516e6eb814ed

SHA1
5d62c1c3caea405a4ddd0b891d06e41deabcb8ae

SHA256
75f44e910966a657f96eceb5ca734d4cf919f76aae3f862cac2674c533e40c3b

SHA512
edd26a0202b3bb46177d09c322693d67efec8cedd6c285645191cdfbc92299ea3b193fab3de5e39107a5d57e98e144c9c728d544c24020ad43729b72d38a394c

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230331010636_240670125\temp_files\i18n\it\safemon\bp.dat
Filesize
2KB

MD5
1b5647c53eadf0a73580d8a74d2c0cb7

SHA1
92fb45ae87f0c0965125bf124a5564e3c54e7adb

SHA256
d81e7765dacef70a07c2d77e3ab1c953abd4c8b0c74f53df04c3ee4adf192106

SHA512
439738f2cdd0024e4d4f0da9668714fd369fb939424e865a29fc78725459b98c3f8ac746c65e7d338073374ab695c58d52b86aea72865496cd4b20fcd1aa9295

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230331010636_240670125\temp_files\i18n\it\safemon\wd.ini
Filesize
8KB

MD5
bbcd2bd46f45a882a56d4ea27e6aca88

SHA1
69ec4e9df7648feff4905af2651abff6f6f9cc00

SHA256
dfe29bbd5fa9d1a9aac3efbef341ef02a44fcdf5b826cfa1fdd646bf27fa6655

SHA512
0619a5e55e479da2085602a91d7077ada2892e345a080adcb759fbcf9c51e1d1d07f362c02218ce880ad7858c9c262432b13979a2ff0ba4122a492479c748dd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230331010636_240670125\temp_files\i18n\pl\ipc\NetDefender.dll.locale
Filesize
24KB

MD5
cd37f1dbeef509b8b716794a8381b4f3

SHA1
3c343b99ec5af396f3127d1c9d55fd5cfa099dcf

SHA256
4d1a978e09c6dafdcf8d1d315191a9fb8c0d2695e75c7b8650817d027008d1c1

SHA512
178b73ed00bfd8241cc9191dbdd631ae28b5c7e76661863b326efde2dc2cb438716c0b70896ee313436ccd90f61db5226a3484169176f5a4b79ead1fb4451419

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230331010636_240670125\temp_files\i18n\pl\ipc\Sxin.dll.locale
Filesize
48KB

MD5
3e88c42c6e9fa317102c1f875f73d549

SHA1
156820d9f3bf6b24c7d24330eb6ef73fe33c7f72

SHA256
7e885136a20c3ab48cdead810381dccb10761336a62908ce78fe7f7d397cde0e

SHA512
58341734fb0cf666dfe9032a52674a645306a93430ebb2c6e5ad987e66ce19c8a91f3feebf9bba54b981d62127613dec3c939ef4168054d124b855a511b6d59c

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230331010636_240670125\temp_files\i18n\pl\ipc\Sxin64.dll.locale
Filesize
46KB

MD5
dc4a1c5b62580028a908f63d712c4a99

SHA1
5856c971ad3febe92df52db7aadaad1438994671

SHA256
ee05002e64e561777ea43ac5b9857141dabb7c9eed007a0d57c30924f61af91e

SHA512
45da43ac5b0321ddc5ec599818287bd87b7b6822c8dd6d790b5bbf1232000092afa695774cd3d9c787919ad02ca9846f7200970e273a99bfbe2aa6bebfe7e8ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230331010636_240670125\temp_files\i18n\pl\ipc\appd.dll.locale
Filesize
25KB

MD5
9cbd0875e7e9b8a752e5f38dad77e708

SHA1
815fdfa852515baf8132f68eafcaf58de3caecfc

SHA256
86506ad8b30fc115f19ea241299f000bce38626fe1332601c042ee6109031e89

SHA512
973801758415f10462445e9b284a3c5991ced2279674a6658d4b96c5f2d74aea31ce324ac0a3f20406df3594fbe8939483dce11b8d302e65db97f7bb513d1624

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230331010636_240670125\temp_files\i18n\pl\ipc\filemgr.dll.locale
Filesize
21KB

MD5
3917cbd4df68d929355884cf0b8eb486

SHA1
917a41b18fcab9fadda6666868907a543ebd545d

SHA256
463916c13812228c4fb990a765cbb5d0ee8bb7a1e27de9bdcea1a63cc5095a6a

SHA512
072939985caa724ee5d078c32d41e60543027e23cce67b6f51c95e65ac16abaf2a1d6dce1692395c206c404f077219d30e9551c6d7592be3a0738c44e0627417

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230331010636_240670125\temp_files\i18n\pl\ipc\yhregd.dll.locale
Filesize
18KB

MD5
8a6421b4e9773fb986daf675055ffa5a

SHA1
33e5c4c943df418b71ce1659e568f30b63450eec

SHA256
02e934cbf941d874ba0343587a1e674f21fd2edef8b4a0cc0354c068ec6fe58b

SHA512
1bb85909a5f00c4d2bf42c0cb7e325982c200babb815df888c913083aebd2c61020225beedda1e7861f7786a9f99179199ec6412d63dd1a3f1b8c8c9634e77ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230331010636_240670125\temp_files\i18n\pl\safemon\360SPTool.exe.locale
Filesize
31KB

MD5
9259b466481a1ad9feed18f6564a210b

SHA1
ceaaa84daeab6b488aad65112e0c07b58ab21c4c

SHA256
15164d3600abd6b8f36ac9f686e965cfb2868025a01cded4f7707b1ae5008964

SHA512
b7b06367ba9aa0c52ac5cfc49d66e220232d5482b085287c43de2ef8131f5ee703ffeb4d7bef0e5d9a430c0146bb2ab69c36174982184a0c06e6beda14e808b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230331010636_240670125\temp_files\i18n\pl\safemon\360procmon.dll.locale
Filesize
106KB

MD5
7bdac7623fb140e69d7a572859a06457

SHA1
e094b2fe3418d43179a475e948a4712b63dec75b

SHA256
51475f2fa4cf26dfc0b6b27a42b324a109f95f33156618172544db97cbf4dddd

SHA512
fbed994a360ecff425728b1a465c14ffe056c9b227c2eb33f221e0614984fd21670eddb3681c20e31234a57bfe26bcf02c6a3b5e335d18610d09b4ed14aa5fb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230331010636_240670125\temp_files\i18n\pl\safemon\Safemon64.dll.locale
Filesize
52KB

MD5
a891bba335ebd828ff40942007fef970

SHA1
39350b39b74e3884f5d1a64f1c747936ad053d57

SHA256
129a7ba4915d44a475ed953d62627726b9aa4048ffcc316c47f7f533b68af58b

SHA512
91d1b04d550eda698b92d64f222ec59c29b5842115b3c3f1159313b620975bc8475b27151c23f21a78f60abd6c7fa9ce5cb1ea45f9349942338f9bf0c8cfc99f

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230331010636_240670125\temp_files\i18n\pl\safemon\SelfProtectAPI2.dll.locale
Filesize
21KB

MD5
9d8db959ff46a655a3cd9ccada611926

SHA1
99324fdc3e26e58e4f89c1c517bf3c3d3ec308e9

SHA256
a71e57cafb118f29740cd80527b094813798e880de682eca33bfe97aaa20b509

SHA512
9a2f2d88968470b49d9d13569263050b463570c3cce1b9821909e910a8a358e64ad428b86095a18f596d2b3ed77e0e21d40f9c24543e4a0872e6b35c5103bede

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230331010636_240670125\temp_files\i18n\pl\safemon\safemon.dll.locale
Filesize
53KB

MD5
770107232cb5200df2cf58cf278aa424

SHA1
2340135eef24d2d1c88f8ac2d9a2c2f5519fcb86

SHA256
110914328d4bf85058efa99db13bfec2c73e3b175b91dfd6b41c6fa72ebaa103

SHA512
0f8b98ded900d9421eb90cffd527d8218b14354d90b172d592c4945c482191d5e512f2678217c6214addb38da0b9bb9287f84963a50447cf232962bd99b0c3e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230331010636_240670125\temp_files\i18n\pl\safemon\spsafe.dll.locale
Filesize
9KB

MD5
22a6711f3196ae889c93bd3ba9ad25a9

SHA1
90c701d24f9426f551fd3e93988c4a55a1af92c4

SHA256
61c130d1436efba0a4975bc3f1c5f9fdf094a097d8182119193b44150344940e

SHA512
33db4f9474df53ce434f6e22f6883da100473d1b819984171356eeef523ba534c4abaf2536596b8758358e755e5d9f3793d85be12d2d8d5284fc7d13f6c005cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230331010636_240670125\temp_files\i18n\pl\safemon\spsafe64.dll.locale
Filesize
9KB

MD5
5823e8466b97939f4e883a1c6bc7153a

SHA1
eb39e7c0134d4e58a3c5b437f493c70eae5ec284

SHA256
9327e539134100aa8f61947da7415750f131c4e03bbb7edb61b0fab53ea34075

SHA512
e4ea824314151115592b3b2ad8cd423dc2a7183292aa165f74f8e35da4f142d84d296d34506f503d448c7bd423be6bf04da2412b7daf474fbf4ef6a2af142bfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230331010636_240670125\temp_files\i18n\pl\safemon\webprotection_firefox\plugins\nptswp.dll.locale
Filesize
10KB

MD5
5efd82b0e517230c5fcbbb4f02936ed0

SHA1
9f3ea7c0778fedf87a6ed5345e6f45fb1bd173fb

SHA256
09d58a2f0656a777a66288ac4068aa94a2d58d0534328862b8371709eab2003b

SHA512
12775c718f24daa20ec8e4f3bdede4199c478900b12addcb068ae7b20806850fdc903e01c82e6b54e94363725dcff343aeac39c3512f5ea58d1ba8d46712ad33

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230331010636_240670125\temp_files\safemon\WscReg.exe
Filesize
2.9MB

MD5
c7dbfd0d17929c83f12080eb4680595f

SHA1
210f608a7929bf4085815522ffe2695063125e69

SHA256
a628b37df526093026862a1180484beece436b5dfba83648551fe57ce9a5dd75

SHA512
7d8d5b387cf65920e7a1f2aa7c0ce111eb5d600fe69ec48c66f3bf05c870dad0e34d9637b1852af0f379495bc3ebc277d130d14701e2b4114f8d50bab057c5f3

Download Submit
\??\c:\program files (x86)\1680224748_0\360ts_setup_10.8.0.1541.h2.biz.acnt_424260.kfa9s9jk2zvdzfgpjidusaitnwjyfjg-2gs0upb5ya6-rfz6lpob_hgrvv-z5ifr.tsb.exe
Filesize
89.4MB

MD5
fd9917b755bdabe949025524ceb36584

SHA1
26cc325a57efc15d6e1b3c8d0138934c4dcb7580

SHA256
7a35601d4455c9f825f00851030411de5a1d8a7d78676f617ce40ed048bd4d81

SHA512
96ba9d1b7b7dcc7edc2185cb905797c8bf0fe540675898c0ca92e8ae2f473d03e545943a315185026a6dee0f0596a73cf63c5681b58c46b208b2c4cad4a24148

Download Submit
memory/1480-166-0x00000000082F0000-0x00000000082F1000-memory.dmp

Filesize
4KB

Download
memory/1480-193-0x00000000082F0000-0x00000000082F1000-memory.dmp

Filesize
4KB

Download
memory/3224-159-0x000001A3A4C10000-0x000001A3A4C11000-memory.dmp

Filesize
4KB

Download
memory/3224-163-0x000001A3A4C10000-0x000001A3A4C11000-memory.dmp

Filesize
4KB

Download
memory/3224-140-0x000001A3A4C10000-0x000001A3A4C11000-memory.dmp

Filesize
4KB

Download
memory/3224-141-0x000001A3A4C10000-0x000001A3A4C11000-memory.dmp

Filesize
4KB

Download
memory/3224-143-0x000001A3A4C10000-0x000001A3A4C11000-memory.dmp

Filesize
4KB

Download
memory/3224-158-0x000001A3A4C10000-0x000001A3A4C11000-memory.dmp

Filesize
4KB

Download
memory/3224-157-0x000001A3A4C10000-0x000001A3A4C11000-memory.dmp

Filesize
4KB

Download
memory/3224-160-0x000001A3A4C10000-0x000001A3A4C11000-memory.dmp

Filesize
4KB

Download
memory/3224-161-0x000001A3A4C10000-0x000001A3A4C11000-memory.dmp

Filesize
4KB

Download
memory/3224-162-0x000001A3A4C10000-0x000001A3A4C11000-memory.dmp

Filesize
4KB

Download
memory/3292-172-0x000002B7A7CA0000-0x000002B7A7CA1000-memory.dmp

Filesize
4KB

Download
memory/3292-186-0x000002B7A7CA0000-0x000002B7A7CA1000-memory.dmp

Filesize
4KB

Download
memory/3292-170-0x000002B7A7CA0000-0x000002B7A7CA1000-memory.dmp

Filesize
4KB

Download
memory/3292-187-0x000002B7A7CA0000-0x000002B7A7CA1000-memory.dmp

Filesize
4KB

Download
memory/3292-171-0x000002B7A7CA0000-0x000002B7A7CA1000-memory.dmp

Filesize
4KB

Download
memory/3292-185-0x000002B7A7CA0000-0x000002B7A7CA1000-memory.dmp

Filesize
4KB

Download
memory/3292-177-0x000002B7A7CA0000-0x000002B7A7CA1000-memory.dmp

Filesize
4KB

Download
memory/3292-183-0x000002B7A7CA0000-0x000002B7A7CA1000-memory.dmp

Filesize
4KB

Download
memory/3292-180-0x000002B7A7CA0000-0x000002B7A7CA1000-memory.dmp

Filesize
4KB

Download