4459704437071c72aead7341202a8ecd459d6f34bd5937ad349bc926a69e7959

Analysis

max time kernel
136s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2023 04:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4459704437071c72aead7341202a8ecd459d6f34bd5937ad349bc926a69e7959.exe
Size

7.6MB
MD5

b47f314ea27a55736bf8cd9a9168dc60
SHA1

dbcc6cf2edd87282e813603030e0ad50a555aecc
SHA256

4459704437071c72aead7341202a8ecd459d6f34bd5937ad349bc926a69e7959
SHA512

9495dee9a7725eca12574d895958ba4887586773d10f94e5436a4f6658ce765cdd1f0d1c15468f5eb7f5de07fec326f1bf04efdf750b1cc1561a8fd215d5a02c
SSDEEP

196608:tgOGUhZDG+Y2Ml+z2WQEZSI25s1e1AQnQDOvd:tgOvXMl82WQEUdKsAQny4

Score

7^/10

bootkit persistence

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	ComputerZService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	ComputerZService.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	4459704437071c72aead7341202a8ecd459d6f34bd5937ad349bc926a69e7959.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	360DrvMgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	4459704437071c72aead7341202a8ecd459d6f34bd5937ad349bc926a69e7959.exe

Executes dropped EXE 3 IoCs

pid	Process
4108	360DrvMgr.exe
1516	ComputerZService.exe
3816	ScriptExecute.exe

Loads dropped DLL 13 IoCs

pid	Process
4108	360DrvMgr.exe
4108	360DrvMgr.exe
4108	360DrvMgr.exe
4108	360DrvMgr.exe
4108	360DrvMgr.exe
4108	360DrvMgr.exe
4108	360DrvMgr.exe
1516	ComputerZService.exe
4108	360DrvMgr.exe
1516	ComputerZService.exe
1516	ComputerZService.exe
1516	ComputerZService.exe
1516	ComputerZService.exe

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\W:	ComputerZService.exe
File opened (read-only)	\??\J:	ComputerZService.exe
File opened (read-only)	\??\O:	ComputerZService.exe
File opened (read-only)	\??\S:	ComputerZService.exe
File opened (read-only)	\??\Q:	ComputerZService.exe
File opened (read-only)	\??\R:	ComputerZService.exe
File opened (read-only)	\??\X:	ComputerZService.exe
File opened (read-only)	\??\Y:	ComputerZService.exe
File opened (read-only)	\??\H:	ComputerZService.exe
File opened (read-only)	\??\N:	ComputerZService.exe
File opened (read-only)	\??\P:	ComputerZService.exe
File opened (read-only)	\??\I:	ComputerZService.exe
File opened (read-only)	\??\K:	ComputerZService.exe
File opened (read-only)	\??\L:	ComputerZService.exe
File opened (read-only)	\??\M:	ComputerZService.exe
File opened (read-only)	\??\V:	ComputerZService.exe
File opened (read-only)	\??\B:	ComputerZService.exe
File opened (read-only)	\??\E:	ComputerZService.exe
File opened (read-only)	\??\F:	ComputerZService.exe
File opened (read-only)	\??\U:	ComputerZService.exe
File opened (read-only)	\??\Z:	ComputerZService.exe
File opened (read-only)	\??\A:	ComputerZService.exe
File opened (read-only)	\??\G:	ComputerZService.exe
File opened (read-only)	\??\T:	ComputerZService.exe

Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	360DrvMgr.exe
File opened for modification	\??\PhysicalDrive0	ComputerZService.exe

Drops file in System32 directory 9 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\input.inf_amd64_adeb6424513f60a2\input.PNF	ComputerZService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_1793a485b491b199\msmouse.PNF	ComputerZService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hdaudio.inf_amd64_fe5b23ea7991a359\hdaudio.PNF	ComputerZService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_b748590104fe1c15\machine.PNF	ComputerZService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF	ComputerZService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hdaudbus.inf_amd64_533c8d455025cc59\hdaudbus.PNF	ComputerZService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_0d06b6638bdb4763\mshdc.PNF	ComputerZService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_254cd5ae09de6b08\usbport.PNF	ComputerZService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	ComputerZService.exe

Drops file in Windows directory 7 IoCs

description	ioc	Process
File created	C:\Windows\INF\c_diskdrive.PNF	360DrvMgr.exe
File created	C:\Windows\INF\c_media.PNF	360DrvMgr.exe
File created	C:\Windows\INF\c_display.PNF	360DrvMgr.exe
File created	C:\Windows\INF\c_processor.PNF	360DrvMgr.exe
File opened for modification	C:\Windows\	ComputerZService.exe
File created	C:\Windows\INF\c_volume.PNF	360DrvMgr.exe
File created	C:\Windows\INF\c_monitor.PNF	360DrvMgr.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2868	4108	WerFault.exe	85

Checks SCSI registry key(s) 3 TTPs 24 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	360DrvMgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Service	ComputerZService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	ComputerZService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	360DrvMgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	360DrvMgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	360DrvMgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service	360DrvMgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	ComputerZService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service	ComputerZService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	360DrvMgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Mfg	360DrvMgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc	360DrvMgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	ComputerZService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	ComputerZService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	360DrvMgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Driver	360DrvMgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	360DrvMgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	360DrvMgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Mfg	360DrvMgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Driver	360DrvMgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\DeviceDesc	360DrvMgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	360DrvMgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Service	360DrvMgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	360DrvMgr.exe

Enumerates processes with tasklist 1 TTPs 2 IoCs

Process Discovery

T1057

pid	Process
3696	tasklist.exe
5084	tasklist.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate	ComputerZService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVendor	ComputerZService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion	ComputerZService.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	ComputerZService.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\360DrvMgr.exe = "8000"	360DrvMgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE	360DrvMgr.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE\360DrvMgr.exe = "8000"	360DrvMgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	360DrvMgr.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	ComputerZService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	ComputerZService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	ComputerZService.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4108	360DrvMgr.exe
4108	360DrvMgr.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
676	Process not Found
676	Process not Found

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	1516	ComputerZService.exe
Token: SeIncBasePriorityPrivilege	1516	ComputerZService.exe
Token: SeLoadDriverPrivilege	4108	360DrvMgr.exe
Token: SeLoadDriverPrivilege	4108	360DrvMgr.exe
Token: SeDebugPrivilege	3696	tasklist.exe
Token: SeDebugPrivilege	5084	tasklist.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4108	360DrvMgr.exe
4108	360DrvMgr.exe

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 4828 wrote to memory of 3828	4828	4459704437071c72aead7341202a8ecd459d6f34bd5937ad349bc926a69e7959.exe	84
PID 4828 wrote to memory of 3828	4828	4459704437071c72aead7341202a8ecd459d6f34bd5937ad349bc926a69e7959.exe	84
PID 4828 wrote to memory of 3828	4828	4459704437071c72aead7341202a8ecd459d6f34bd5937ad349bc926a69e7959.exe	84
PID 3828 wrote to memory of 4108	3828	4459704437071c72aead7341202a8ecd459d6f34bd5937ad349bc926a69e7959.exe	85
PID 3828 wrote to memory of 4108	3828	4459704437071c72aead7341202a8ecd459d6f34bd5937ad349bc926a69e7959.exe	85
PID 3828 wrote to memory of 4108	3828	4459704437071c72aead7341202a8ecd459d6f34bd5937ad349bc926a69e7959.exe	85
PID 4108 wrote to memory of 1516	4108	360DrvMgr.exe	88
PID 4108 wrote to memory of 1516	4108	360DrvMgr.exe	88
PID 4108 wrote to memory of 1516	4108	360DrvMgr.exe	88
PID 4108 wrote to memory of 3816	4108	360DrvMgr.exe	94
PID 4108 wrote to memory of 3816	4108	360DrvMgr.exe	94
PID 4108 wrote to memory of 3816	4108	360DrvMgr.exe	94
PID 4828 wrote to memory of 3064	4828	4459704437071c72aead7341202a8ecd459d6f34bd5937ad349bc926a69e7959.exe	97
PID 4828 wrote to memory of 3064	4828	4459704437071c72aead7341202a8ecd459d6f34bd5937ad349bc926a69e7959.exe	97
PID 3064 wrote to memory of 3696	3064	cmd.exe	99
PID 3064 wrote to memory of 3696	3064	cmd.exe	99
PID 3064 wrote to memory of 3168	3064	cmd.exe	100
PID 3064 wrote to memory of 3168	3064	cmd.exe	100
PID 4828 wrote to memory of 4272	4828	4459704437071c72aead7341202a8ecd459d6f34bd5937ad349bc926a69e7959.exe	101
PID 4828 wrote to memory of 4272	4828	4459704437071c72aead7341202a8ecd459d6f34bd5937ad349bc926a69e7959.exe	101
PID 4272 wrote to memory of 5084	4272	cmd.exe	103
PID 4272 wrote to memory of 5084	4272	cmd.exe	103
PID 4272 wrote to memory of 5112	4272	cmd.exe	104
PID 4272 wrote to memory of 5112	4272	cmd.exe	104

C:\Users\Admin\AppData\Local\Temp\4459704437071c72aead7341202a8ecd459d6f34bd5937ad349bc926a69e7959.exe
"C:\Users\Admin\AppData\Local\Temp\4459704437071c72aead7341202a8ecd459d6f34bd5937ad349bc926a69e7959.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4828
- C:\Users\Admin\AppData\Local\Temp\4459704437071c72aead7341202a8ecd459d6f34bd5937ad349bc926a69e7959.exe
  "C:\Users\Admin\AppData\Local\Temp\4459704437071c72aead7341202a8ecd459d6f34bd5937ad349bc926a69e7959.exe" -sfxwaitall:0 "C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360DrvMgr.exe"
  2⤵
  - Checks computer location settings
  - Suspicious use of WriteProcessMemory
  PID:3828
- - C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360DrvMgr.exe
    "C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360DrvMgr.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Writes to the Master Boot Record (MBR)
    - Drops file in Windows directory
    - Checks SCSI registry key(s)
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4108
  - - C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZService.exe
      "C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZService.exe"
      4⤵
      Checks BIOS information in registry
      Executes dropped EXE
      Loads dropped DLL
      Enumerates connected drives
      Writes to the Master Boot Record (MBR)
      Drops file in System32 directory
      Drops file in Windows directory
      Checks SCSI registry key(s)
      Enumerates system info in registry
      Modifies system certificate store
      Suspicious use of AdjustPrivilegeToken
      PID:1516
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 3148
      4⤵
      Program crash
      PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ScriptExecute.exe
      "C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ScriptExecute.exe" /tip
      4⤵
      Executes dropped EXE
      PID:3816
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c tasklist | find /i "360DrvMgr.exe" || @pushd "C:\Users\Admin\AppData\Local\Temp\360DrvMgr" >nul 2>&1 & CALL "C:\Users\Admin\AppData\Local\Temp\360DrvMgr\清理残留.bat"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3064
- - C:\Windows\system32\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:3696
- - C:\Windows\system32\find.exe
    find /i "360DrvMgr.exe"
    3⤵
    PID:3168
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c tasklist | find /i "360DrvMgr.exe" || rd /s /q "C:\Users\Admin\AppData\Local\Temp\360DrvMgr"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4272
- - C:\Windows\system32\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:5084
- - C:\Windows\system32\find.exe
    find /i "360DrvMgr.exe"
    3⤵
    PID:5112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4108 -ip 4108
1⤵
PID:2724

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\360DrvMgr\!)C40E~1.BAT

Filesize
1KB

MD5
3c113eb77eba88a6df3eee2b53397b0a

SHA1
b27290066286f44255c6d2a161d6ded70a2c6409

SHA256
fb1e659f76cc635338f8423a34b7c9cef10d0cf90ebcdb33ce6695b44cfc1945

SHA512
791748d5d7e7ac9fc9701c883b0a6e1366cd6a789eb6d20fc7d68c37e1861774d9f85b1f7e442ca70e89f1dcc543510113604d55d5fc08918c4dc6aa086470fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\187E~1.TXT

Filesize
3KB

MD5
67f07d6a49c881b76f5fe73eee27efc3

SHA1
146cd4e130faca9c29cd4062868f476cbad005c5

SHA256
6b167519cce5fe93a1238c0864a5cec3dc965db623dfce0d939a3a2df1f5becd

SHA512
024bbd5c661492e84730ecfb5c34d7f7807dfa8e9e0759a651c19edc0a738cffc8be373541f59d604a10f6a21bf91317305e8c4d4c7c71e24acbc869a97a8773

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\33D9~1.URL

Filesize
178B

MD5
6cc3a788993f98bd69fb0ed3af487173

SHA1
ecac237414ee963c9c7c8dda83a4b07de01a91e5

SHA256
324807cbf73a94cfba062fe61a2932a079f530213c9f051a4bc2ac2c15bc3f40

SHA512
06559f71ceafe0686e1ed30503dcc0b7c08322f6dc62a2de3c02e1fedc5fc9715d666537f3353bc03ef33badae2d0e28882183ce40c25c811cb11df3a0dfb1cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360Base.dll

Filesize
900KB

MD5
a73cf0457df35fab74ef3393d2766667

SHA1
c123e15967e7ab980eba5431a6993e646500befd

SHA256
df411ebc1b4a652a3822de0cebd5a48151abb3dd99c8c3d15f858401b27243fd

SHA512
faee2c8c3caf31ee2cceefadff4c442ef3aaed36fabf61a4217e1ba13b315808f09b575b5789ef7cc342cb16219afb4a1c4e7f7686ea8d079c9d7dd9ee782b90

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360Base.dll

Filesize
900KB

MD5
a73cf0457df35fab74ef3393d2766667

SHA1
c123e15967e7ab980eba5431a6993e646500befd

SHA256
df411ebc1b4a652a3822de0cebd5a48151abb3dd99c8c3d15f858401b27243fd

SHA512
faee2c8c3caf31ee2cceefadff4c442ef3aaed36fabf61a4217e1ba13b315808f09b575b5789ef7cc342cb16219afb4a1c4e7f7686ea8d079c9d7dd9ee782b90

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360Base.dll

Filesize
900KB

MD5
a73cf0457df35fab74ef3393d2766667

SHA1
c123e15967e7ab980eba5431a6993e646500befd

SHA256
df411ebc1b4a652a3822de0cebd5a48151abb3dd99c8c3d15f858401b27243fd

SHA512
faee2c8c3caf31ee2cceefadff4c442ef3aaed36fabf61a4217e1ba13b315808f09b575b5789ef7cc342cb16219afb4a1c4e7f7686ea8d079c9d7dd9ee782b90

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360DrvMgr.exe

Filesize
762KB

MD5
aaa3aab403ff02947c0b20472e40af4e

SHA1
b63acf58aeb317fbfb253ad6ad8ffb53ce1ecc75

SHA256
2ffb6d0703e990e5b2cbeee5378e94cf53e35c56b99c412bf888e0b7aad9affa

SHA512
876f92457a10b5b3e0814f10b431bf26b781fb39210b568f88e0a3098bb8e31e2f5dcf7ae293b132e42f1e8b0dc51fd92637e054a426b567ec6d41c7277e54b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360DrvMgr.exe

Filesize
762KB

MD5
aaa3aab403ff02947c0b20472e40af4e

SHA1
b63acf58aeb317fbfb253ad6ad8ffb53ce1ecc75

SHA256
2ffb6d0703e990e5b2cbeee5378e94cf53e35c56b99c412bf888e0b7aad9affa

SHA512
876f92457a10b5b3e0814f10b431bf26b781fb39210b568f88e0a3098bb8e31e2f5dcf7ae293b132e42f1e8b0dc51fd92637e054a426b567ec6d41c7277e54b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360LibDrvmgr.dat

Filesize
1KB

MD5
5c49c76eab7f4cb98161b028f56fef0d

SHA1
ee1694139f30b991dbc1f0d26af691976e462cc7

SHA256
d261b133220d0878de4d2151e71c5acb1802314b023c751a1e55fe83bff9d928

SHA512
7c8b68df7e774c9a9fb5adf6a5616ee5ce222bb6b6f2f0c2bb72ca660efa916e7c2b0084ce4b47064043f5ccaec2cc5b81bd302cddc3be8d11b2ca2a3368d8c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360NetBase.dll

Filesize
1.4MB

MD5
14c6b4bbd31f6fd13530bc941cc71d1a

SHA1
ce4e38ac82a54f64d318507ddc28f9ffbb378f0f

SHA256
401d8529a84f1d80a439be8cd4e869202162458e5afb5e5bac97c4859bfe8eb5

SHA512
c16d525f1d3fc098b4d6c8b8a872a9013ef2f945f27af73ed7826f61a2b80d756ae5348105432909eccc71f03834cd1301f87fa5a0107e0c7137f5c8e3a3cc95

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360NetBase.dll

Filesize
1.4MB

MD5
14c6b4bbd31f6fd13530bc941cc71d1a

SHA1
ce4e38ac82a54f64d318507ddc28f9ffbb378f0f

SHA256
401d8529a84f1d80a439be8cd4e869202162458e5afb5e5bac97c4859bfe8eb5

SHA512
c16d525f1d3fc098b4d6c8b8a872a9013ef2f945f27af73ed7826f61a2b80d756ae5348105432909eccc71f03834cd1301f87fa5a0107e0c7137f5c8e3a3cc95

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360NetUL.dll

Filesize
241KB

MD5
240e9b9b2b3f2a134070b7d5084278d3

SHA1
a39ce3213f364ec8435833afa36619e6d6fd24b0

SHA256
003e2f8225ae4bfe3487dea759c6e44176fb96ff89fb162904c7c923e9c78720

SHA512
2cdd9cd946b4a6df110f22197290090c1b4b734c9b9120e6403866342b17c50cd8a71d566ff0f284a03b5202af9f06248de71da1314486dbed58a64225cf5745

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360P2SP.dll

Filesize
689KB

MD5
75ae5114927b0200ea73e016211ae572

SHA1
15ae658c082afcab51ade61b8ed6699a978b5e05

SHA256
8e38aeb187edd59329007fe10d2b509e5566256e993a127902d57bac66b17346

SHA512
ae65e304fc669b98c5d137c4e7cba591e075b9d1b588af1d7eea2458776c29b2a2ccd06ea37aeb89d0cd0ebcb155aec7a6a0a842da4ac36f9b512049967e59fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360net.dll

Filesize
477KB

MD5
2bca9e782840c8214dbc3ef6ee64404c

SHA1
9144db795c7b092ac55a5b59c0eb569e3432cfec

SHA256
1320ce2bf517978d3c65cf9cb8390318f3ea1896ef10a66b53a1832792341c62

SHA512
87188cdd4d581c9b20bb36451f0376837bfe5489b685dc28a902af441f0681ff89922138d1a160f4d926189b2ae491a7fb7158c60596116f9f09e6c9516d5c6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\7za.dll

Filesize
777KB

MD5
34f4329522a2b16d1bc9ad4ab58d9fc1

SHA1
04ec3c21a59a15a85b29bead3733f0ceccce8680

SHA256
fc07200668d45a640bbd5f6997851e31a20941fcb661f8e09469899becebdf8a

SHA512
ab8efc3dee9319401634dc3d8e6fe8282dc14a6058cf923af2d69656e58ed3724cfd5d466801fcf0bf53510f5b3197986972240693e4b1bbdcc9ae562ae0eb6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\811B~1.TXT

Filesize
8KB

MD5
8adba72730f3b771da178059c525e905

SHA1
ade040d5bebe9a0dea95a450a233ccd040e71059

SHA256
1a39e073ee8457bd745cb9f1e9068074de9d857a693d9fbb34427954551eae97

SHA512
d7b27a84515a64f4487d4938baf7bbea818f4455dee9a84138d9a034eeadc4406e2aa756013a971721fc63cc894a97caf79a03631981d934e1cc4d0f85ec62f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\COMPUT~1.DAT

Filesize
3.9MB

MD5
1bd204d7c5d14c607680557f37b04b90

SHA1
fbe84572551508f780b243e3c5419fbab9e14625

SHA256
ab9b0a2f098624faf35211ce1759f8815fa4c0989b15a5d4028f4a356bc4308f

SHA512
3dfd90d8d303bfb5f76f297a7af487e522267d05a3f78b45c67cecefaf5704ff87b37f9faae5f97c5638afe211c70d2a70ba4d5a0402593f23d78238548b6350

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\COMPUT~1.DLL

Filesize
1.1MB

MD5
6dbf812d5b61f30a21ddccaec30b4452

SHA1
4778e2d043ac593193e5e15056bb98bba564c246

SHA256
197c529acff08fbc13b11010d95c270e50ddd867f783cfec598c5f831f847033

SHA512
7b9506902c1d0a6b8b74e068be87a7d4fec8a96b3d1b05d06d533d4ef995abc7e2ce24a8d37e38b19b62ad5b316e10831c220df44360a15a6b89e18767bea699

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\COMPUT~1.SET

Filesize
65B

MD5
2d190642e5162c95e649f0032cf66dae

SHA1
262f8e1e5fff6784f31eb1a33b72e91405595297

SHA256
54a58179f47494502dd6750e2dba0008fd08958f5945346bbd8af818f52a6b3b

SHA512
6e5aa767f214c86bd1f7216ef4203931019efb7f11900d755bd409329576e4a4d6bf458b62676feab7093c9734a486e759af012a1a4bd0d1d0b246b1f10f88d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ.set

Filesize
65B

MD5
2d190642e5162c95e649f0032cf66dae

SHA1
262f8e1e5fff6784f31eb1a33b72e91405595297

SHA256
54a58179f47494502dd6750e2dba0008fd08958f5945346bbd8af818f52a6b3b

SHA512
6e5aa767f214c86bd1f7216ef4203931019efb7f11900d755bd409329576e4a4d6bf458b62676feab7093c9734a486e759af012a1a4bd0d1d0b246b1f10f88d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ2.dll

Filesize
229KB

MD5
a75f38215a115f9260b58cdd935d7d81

SHA1
dbb7d9d7e69cd5f2f4cda49bebc0fd922316a866

SHA256
102459b35d0b36f915b2cafc2e083d95f4e042815c732a2520dfb646efae4cd1

SHA512
3eeacb82ed9e61d9dc8fec13c2f87fd07b90a5052dd1a3482ee4cdb5122db77587078e7966bf72d73b776973bac09f53f37081f4af0828f1a914c0cd31d03ce9

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ2.dll

Filesize
229KB

MD5
a75f38215a115f9260b58cdd935d7d81

SHA1
dbb7d9d7e69cd5f2f4cda49bebc0fd922316a866

SHA256
102459b35d0b36f915b2cafc2e083d95f4e042815c732a2520dfb646efae4cd1

SHA512
3eeacb82ed9e61d9dc8fec13c2f87fd07b90a5052dd1a3482ee4cdb5122db77587078e7966bf72d73b776973bac09f53f37081f4af0828f1a914c0cd31d03ce9

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ5.dll

Filesize
197KB

MD5
d8308aa7cc08c3a56c9187029db56702

SHA1
f8a1b97e321660d814d4d01f03911f6da0caed9d

SHA256
850bb1419ab0c93d524284a6c9c15db69a1e5328e9f84f06bb27ba5efb8a65b8

SHA512
0a6c757b3e5cfaf2de92e4f402dc97306a551244501d97a099ac2a586c7501f087fe7c82c8a81e95b4fea851a0690733c116345360b5dbeb343966fdbda08baa

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ5.dll

Filesize
197KB

MD5
d8308aa7cc08c3a56c9187029db56702

SHA1
f8a1b97e321660d814d4d01f03911f6da0caed9d

SHA256
850bb1419ab0c93d524284a6c9c15db69a1e5328e9f84f06bb27ba5efb8a65b8

SHA512
0a6c757b3e5cfaf2de92e4f402dc97306a551244501d97a099ac2a586c7501f087fe7c82c8a81e95b4fea851a0690733c116345360b5dbeb343966fdbda08baa

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ5.dll

Filesize
197KB

MD5
d8308aa7cc08c3a56c9187029db56702

SHA1
f8a1b97e321660d814d4d01f03911f6da0caed9d

SHA256
850bb1419ab0c93d524284a6c9c15db69a1e5328e9f84f06bb27ba5efb8a65b8

SHA512
0a6c757b3e5cfaf2de92e4f402dc97306a551244501d97a099ac2a586c7501f087fe7c82c8a81e95b4fea851a0690733c116345360b5dbeb343966fdbda08baa

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZService.exe

Filesize
1.1MB

MD5
66bed313b2a1d83113ced5c4297c0abc

SHA1
bfc0ca5ca11b5e9e0a84c5a25fb3fb7bfc8cc5eb

SHA256
b6ce0f204ed6f92ed8949c12cff5ac63f003adcbeb6e744ab81f7ac10d18e23f

SHA512
8ad3abfd830e4d500be988bc0c771cb7537fbfcdae15dbe44b82cdeabbbeef6b523ae3c0038c0026c7937289ba9bc526ecbe640cc1757a1552d4f3555a3746d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZService.exe

Filesize
1.1MB

MD5
66bed313b2a1d83113ced5c4297c0abc

SHA1
bfc0ca5ca11b5e9e0a84c5a25fb3fb7bfc8cc5eb

SHA256
b6ce0f204ed6f92ed8949c12cff5ac63f003adcbeb6e744ab81f7ac10d18e23f

SHA512
8ad3abfd830e4d500be988bc0c771cb7537fbfcdae15dbe44b82cdeabbbeef6b523ae3c0038c0026c7937289ba9bc526ecbe640cc1757a1552d4f3555a3746d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ_HardwareDll.dll

Filesize
8.5MB

MD5
2bcee702e76853c61a3621e410521a20

SHA1
824a186e0f1d77692b416877c18d867885dc2dca

SHA256
14f5ffec3b83ed5831f7cd046552b9b224a6ec2613643f85c8cebfdf72df80d5

SHA512
f20fec854d0399d57e58b2056063be9414a0714c8938e914fbbab6cd1fc2eac09fb3919359eaee83284b60923f38252c417ce430c081dbf4bcfbf2c176fa20e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ_HardwareDll.dll

Filesize
8.5MB

MD5
2bcee702e76853c61a3621e410521a20

SHA1
824a186e0f1d77692b416877c18d867885dc2dca

SHA256
14f5ffec3b83ed5831f7cd046552b9b224a6ec2613643f85c8cebfdf72df80d5

SHA512
f20fec854d0399d57e58b2056063be9414a0714c8938e914fbbab6cd1fc2eac09fb3919359eaee83284b60923f38252c417ce430c081dbf4bcfbf2c176fa20e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\D58E~1.URL

Filesize
208B

MD5
6b18d05c431da481cbc0116ba93f4711

SHA1
639535704bcaee36473d7e96d6a508f771b8e98b

SHA256
d99950d1a1e21f1aee24c75c3fd6cd5c7f834d36b4cae308221efc64a5b4844c

SHA512
b99ac3d0fd5efac4c363fc6434b2c7d5f64f275e4f3c88c8898454ff55924e283f8f026a5d70ffc3f91a556c98582890956cce69c0f9dd54f4b59ab53f51ff8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DC30~1.PNG

Filesize
437KB

MD5
446844b88c036341bac80a7489eaa363

SHA1
c845f12b849ae615d5b021a89e5c88f663a2c961

SHA256
b16d404ceef6f16e24e085c4255a54894ec0cba7c99988670e60b21081807ff3

SHA512
5d7cd351e634df4905552bec2b42786c7eff480155f96da095d4e22525311822accf01f7663014cf6fde5c785a19233fb02bdddf64753caecc08b618612b3565

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DIFXAP~1.DLL

Filesize
311KB

MD5
1bd976dd77b31fe0f25708ad5c1351ae

SHA1
50d075688835df04484f0b93792a530cb47a1872

SHA256
b3c28941ceb057de44d9c322a38bb0f63c62d7ffbd91cf7970964413978f8eb7

SHA512
d58c2be88941c15214c51c59923437863a94db7b8080ead69017f7cce19d256dbe4d1d8498762476c75c26773dfba1aaff3bed615589ebf4b39df78df1b50b35

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DataMgr.dll

Filesize
664KB

MD5
af1cc0d945bceb82863195d11ad9827e

SHA1
215884e6188ebf94b73bffbff7e040e376954874

SHA256
18d8c74199c73a226436b3cbde6ce232b8aa30dabdc0dbb64e9dc52c18fa0a05

SHA512
39f1e822ea1b0f1ac292533df058977ece4386b7636256a4158f65c9f1e6ad05cc1c91f0edb19af03fe9b757661348256b667d285243db55404c42ea3e3d3daf

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DataMgr.dll

Filesize
664KB

MD5
af1cc0d945bceb82863195d11ad9827e

SHA1
215884e6188ebf94b73bffbff7e040e376954874

SHA256
18d8c74199c73a226436b3cbde6ce232b8aa30dabdc0dbb64e9dc52c18fa0a05

SHA512
39f1e822ea1b0f1ac292533df058977ece4386b7636256a4158f65c9f1e6ad05cc1c91f0edb19af03fe9b757661348256b667d285243db55404c42ea3e3d3daf

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DownloadMgr.dll

Filesize
431KB

MD5
9df1215e8ff502a448f5e03555b62b95

SHA1
fe7f3fe364634879a155ec2abbdf2abe302412a5

SHA256
dbe9efd63ce1b628a2a96457d0b26d48e7ae96a564a413e0e641f81caa48fc1f

SHA512
4e28a52b761a67f2d0affe73df423092d319f772ef7d79d544c32737b7c5bddb3680b2ddf9a7de6a25adc62d23579ae8a7472f3e8b45d79eb52fa05e0ced3000

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DownloadMgr.dll

Filesize
431KB

MD5
9df1215e8ff502a448f5e03555b62b95

SHA1
fe7f3fe364634879a155ec2abbdf2abe302412a5

SHA256
dbe9efd63ce1b628a2a96457d0b26d48e7ae96a564a413e0e641f81caa48fc1f

SHA512
4e28a52b761a67f2d0affe73df423092d319f772ef7d79d544c32737b7c5bddb3680b2ddf9a7de6a25adc62d23579ae8a7472f3e8b45d79eb52fa05e0ced3000

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DrvInst64.exe

Filesize
190KB

MD5
88b760633dda4594397b2f8b88d48183

SHA1
6b86e7419c64d20b66ccfcebadd7d9781bf62b34

SHA256
59624413da628923f722f24b407b18fccc9a8c7652042cf7d9d0f0b337d11148

SHA512
5071431448a5b95dddd55a01bd1ca2c3d97a6e5a7337203c51b877f804e61f46fc7e2970fef488c6a94ec045313e2a317a14c66627b0927ae1830cc13725d340

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DrvMgrUI.dll

Filesize
2.5MB

MD5
76d802e69cf6898a1f533cf1db481276

SHA1
af4e32c8f98bbfe4fe4ac4e5e4aa5def7b485f4b

SHA256
f2a58ccfe37237bc8d0641f11fd9c69db3cfa595ebbd1bb206289eba8039d159

SHA512
1f501f416e50ec30a2e427605f3e0fce51daf67d1fe4cc1a4ba91ab3960c81037f5f966354229cc4e12543257b6d597f0ed3da7d8553b8a256fc5ca60b4b830f

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DrvMgrUI.dll

Filesize
2.5MB

MD5
76d802e69cf6898a1f533cf1db481276

SHA1
af4e32c8f98bbfe4fe4ac4e5e4aa5def7b485f4b

SHA256
f2a58ccfe37237bc8d0641f11fd9c69db3cfa595ebbd1bb206289eba8039d159

SHA512
1f501f416e50ec30a2e427605f3e0fce51daf67d1fe4cc1a4ba91ab3960c81037f5f966354229cc4e12543257b6d597f0ed3da7d8553b8a256fc5ca60b4b830f

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DrvmgrCore.dll

Filesize
1.2MB

MD5
d05a967e7f6ba5c4bcb4e8bd7f148061

SHA1
241c246153885a419f1fe4dab0639ac144e57c32

SHA256
76d6e20231be330caf4be260ec0071f4183241a20ae58521086fe4de81bb409b

SHA512
541ab45df6b4706214bca0b3099aea0b49b7630ad8bbe7454ea7a0216b7d8bb379f2263edecbd3d563898457a4d33ab9365a46a62f3d1f944403e2a7c39ca4ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DrvmgrCore.dll

Filesize
1.2MB

MD5
d05a967e7f6ba5c4bcb4e8bd7f148061

SHA1
241c246153885a419f1fe4dab0639ac144e57c32

SHA256
76d6e20231be330caf4be260ec0071f4183241a20ae58521086fe4de81bb409b

SHA512
541ab45df6b4706214bca0b3099aea0b49b7630ad8bbe7454ea7a0216b7d8bb379f2263edecbd3d563898457a4d33ab9365a46a62f3d1f944403e2a7c39ca4ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\LIVEUP~1.DLL

Filesize
593KB

MD5
e2ab61cd7dd7c8443719460140737b09

SHA1
d07424aaf894aa68bab5c7cc829e54f69f466338

SHA256
0439f9f3a68e14ee28c718ac334f9318f97858ab5430e4fa2e82eb355ed446d6

SHA512
c608aa5fd10849f5efcc74ffb02bfc59c1cd943154b30f2e2174e30543708f3b92d020d39ae36b9dd2e90c2171863b5a610ab18248d430c974853fe0a810df60

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\MiniUI.dll

Filesize
901KB

MD5
043365f793b1672fc80aaebde3b22929

SHA1
be526a544e7af66b573b29ee7100374e9deb9a1f

SHA256
2bf36c7813e8410e2ef442158e4089f5c5fa512684848f421cd4b08f1eca1d23

SHA512
efb94e1447842254992f67ad2bcc8ebd1862894019e612d680a3b69a4ec9aaef787bddd155775842baf225b9dea05feaef37db26808fc8516851f995a0b62530

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\MiniUI.dll

Filesize
901KB

MD5
043365f793b1672fc80aaebde3b22929

SHA1
be526a544e7af66b573b29ee7100374e9deb9a1f

SHA256
2bf36c7813e8410e2ef442158e4089f5c5fa512684848f421cd4b08f1eca1d23

SHA512
efb94e1447842254992f67ad2bcc8ebd1862894019e612d680a3b69a4ec9aaef787bddd155775842baf225b9dea05feaef37db26808fc8516851f995a0b62530

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\PDown.dll

Filesize
230KB

MD5
48a849ff04150b2ec0836ab6bb32590a

SHA1
1f52bbcd5d124de15c27cf5ea84e14cb9a87f6a3

SHA256
ded09df700ef458322b6160edd39adb103c03cef3c6ffbce2ee096ce1fd33d62

SHA512
b0b23e540102b16c4ed9ac05f1ac353bf0d19e0c2b0880cec1fa2e9292030e1c5a75694176ac428c7de55588cf503ab36643d2db8c1fec3543daf3aeeb53a680

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\SIGNHE~1.DLL

Filesize
139KB

MD5
a60df7bdf1ab9583e8bf7b38f2eca0a3

SHA1
528064b42f0470e785e896df67b41c6335f176a6

SHA256
4c20f1868b4ee71cca4d399b947f7942460a4074f2942ba90f382c2476b96978

SHA512
7fd219bf83e63dae70dfc79ad1978cefa4a9aec27b69f6e7f0b6e26678c988f8e4dda88f8d000cc20a1b0fdcdd69c24c56eab9a70c242630e902fe1b2d47eea2

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ScriptExecute.exe

Filesize
520KB

MD5
eea4fbb86da8e1081d0d70f02c632f1f

SHA1
0d92de64f4749843136aaf00b35528096d4cdfeb

SHA256
516da8a4a7aeee54231386f6695559046e5d48c7ccb101bd0af14f2f8f5b0e80

SHA512
43b3b7e36701bcdbb3d7ee89c84ee2a38e7e157f19ea5257cebb626c6321db15d59ddb4f42de61e6d9658fa3771689253c2c435b423f91d9695cb71fa6302e8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ScriptExecute.exe

Filesize
520KB

MD5
eea4fbb86da8e1081d0d70f02c632f1f

SHA1
0d92de64f4749843136aaf00b35528096d4cdfeb

SHA256
516da8a4a7aeee54231386f6695559046e5d48c7ccb101bd0af14f2f8f5b0e80

SHA512
43b3b7e36701bcdbb3d7ee89c84ee2a38e7e157f19ea5257cebb626c6321db15d59ddb4f42de61e6d9658fa3771689253c2c435b423f91d9695cb71fa6302e8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\atiags32.dll

Filesize
196KB

MD5
a1f7d080d2a00a9ddca9a469c29663c0

SHA1
9fa6b676b9509eead040415ca13a097118ae2175

SHA256
81b7e8a1c0073f6b7c4188216a94e5ab6420844e1acb122d93fab4c6bc14eebe

SHA512
eef12054ace42f07b05b371aa51164bbbfd65120b111e375eaec30537c232ae85022dd1bf424ed94a8d97eb216919cc5857e332029778b93faa8064555e4e07e

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\cacert.dat

Filesize
2KB

MD5
e10c92a310813373102fe1b5ac4ca476

SHA1
60bd6efd052102371df2586fa1e38d273381c11a

SHA256
2f8436d3568fa6bba1bebf367db6f50e1a0c4e0c38544a268eb5e01b30191776

SHA512
adc230eca39e7e92cc8628f8a9f0010f96d988d24dc02524a5c6a3d7faffae407ae646cb21433a4a78497b95eb9c1324558885ab365ea5c3825c41a279ea97f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\config\config.xml

Filesize
978B

MD5
583e167ba709fec11044409c6b09d04f

SHA1
27b363d8b5dee2df351a5d41e6f14b6156db190f

SHA256
ea5f4faf853767718beef85023fcd9e13cca2127ebb3c17331903779db2916a0

SHA512
bebb16e99340d9264b7ae4cfd1562243a8cef688d3585968046c68020f19de587668485017f74368c20b686f5543bb319cc02665a3cdbb890eb47ffa4ce2a20e

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\config\defaultskin\defaultskin.ui

Filesize
156KB

MD5
0cc06e728803d0cdeedda92e04313e6c

SHA1
62e897041bdbf18ca65f6c452abcb557e17c0ded

SHA256
3fb6414e92be15821c674a6e72295e75747e9734c827ac14e85479d4720f2b33

SHA512
72afb68bf2078e459cf2e37481c61ff172dd224f5b089bf9903b0c55660aecfdcb98622c0b04fe88edae0e2e25c0eb640cffafc7343bbe5d67ef137397678936

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\config\defaultskin\miniui.xml

Filesize
8KB

MD5
1c7fad425e4dc4787174876b6725c5de

SHA1
6bf7f9afb666636bea1cef7eca6ebc32f4b344a2

SHA256
ee451d9f3d84226bcd456f193e1e79ebfbd1f24b961b25770c40df93ee7ca494

SHA512
ab02ca7851e6a859244edea31b3cf931a14937ec9ad2274c49a1aedb5a258360f653d7d5e76b9c6166633c4c284db9be277ae584d89641a99da3c77564f8b57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\dynlenv.dll

Filesize
548KB

MD5
61bda655c88ce843905ce63a2d5669e4

SHA1
532304d12d6e1a740e01cf03b3439301d2c6c85d

SHA256
fa7daa6a0e13f9112de63313caf4d06081aee0c7e79b5937cff0519bb4c0bbd4

SHA512
ad9c4f862747ff55ac506ea8b9d4a84a7d0c15d9cb8e9c987722141b9c33957d6aed44b59f0d85a068431ec2b85061b6c27d38011b8dca1675905aaaf6e37bf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\log\COMPUT~1.LOG

Filesize
75KB

MD5
e8bbd22273b053dfe6ae618baaae1c8b

SHA1
59907387a524cee8334c3a52fa2c3619042e4b35

SHA256
81e30aa222ed205e6e8ae1ff388b46e5b601da346865ec8441f83f10e1b304cf

SHA512
19d7f3b546804909b53eb9d3532f35bc5012fd420ddfc82cbce4824d185cf57745ceb81656ebac5685ba8085ead61d8a3e1c0c7233fb4484d4bd9997a5d5ac37

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\pdown.dll

Filesize
230KB

MD5
48a849ff04150b2ec0836ab6bb32590a

SHA1
1f52bbcd5d124de15c27cf5ea84e14cb9a87f6a3

SHA256
ded09df700ef458322b6160edd39adb103c03cef3c6ffbce2ee096ce1fd33d62

SHA512
b0b23e540102b16c4ed9ac05f1ac353bf0d19e0c2b0880cec1fa2e9292030e1c5a75694176ac428c7de55588cf503ab36643d2db8c1fec3543daf3aeeb53a680

Download Submit
C:\Users\Admin\AppData\Roaming\360DrvMgr\360DrvMgr_20230511.dat

Filesize
5KB

MD5
8c76b1e716f31b42f6d2c562623003bd

SHA1
5b54052e49556bd0ccbb64d05f154d7817c59413

SHA256
8fdb73335885627870968780564475380a19f2244e5a9e8d9f48e41565651e97

SHA512
6478b508520052fce461e9bb65ce96bb3bf59cf619fd154e56f6ec1063b9b3293d76cf20ba9064143a1b27820c51019d037a447f90a977601ebd1c48c376e26a

Download Submit
C:\Users\Admin\AppData\Roaming\360DrvMgr\Config.ini

Filesize
44B

MD5
5b4a431dcb216d13f365560463ae0e27

SHA1
5870343319f01c77267845040e9d6baa5cae73b3

SHA256
a96645cf19af1af24f5888af2d531482081ff42da6e01515128353847a25d0a7

SHA512
d5c37521f40ae352a4acb07b9b2ddbffdcd57b4cc6b39e7f3eff13783c4bd482bd17085513ab164ffb2295e4304d30e21c9437117a8ee4d172fb38ac49fd8e86

Download Submit
memory/1516-526-0x0000000003610000-0x0000000003647000-memory.dmp

Filesize
220KB

Download
memory/1516-517-0x0000000003610000-0x0000000003647000-memory.dmp

Filesize
220KB

Download
memory/1516-514-0x0000000003610000-0x0000000003647000-memory.dmp

Filesize
220KB

Download
memory/4108-518-0x0000000003160000-0x0000000003161000-memory.dmp

Filesize
4KB

Download
memory/4108-233-0x0000000003160000-0x0000000003161000-memory.dmp

Filesize
4KB

Download