0425127fffb9ca1ce12df88b1e033aad8245659c5f9ba971cfb96c52630ce7a3

Analysis

max time kernel
54s
max time network
80s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
20-07-2023 16:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WORLDBOX - God Simulator[KQI8pkR7B].exe
Size

511KB
MD5

ec4460d73c83a3fb4dee1caa45c16937
SHA1

487377cbca81d3e5a59cd8afb7d994bc856ce67b
SHA256

0425127fffb9ca1ce12df88b1e033aad8245659c5f9ba971cfb96c52630ce7a3
SHA512

384a7d10b4a1609ca4a4371ccbca511e1dba8c2f163c03baa38a3a297e435f627a521c7b66495bb7397d817aecbd1d7ce0f1f6c3a019a192906421ca922da892
SSDEEP

12288:z+ocIPZW655TpkOH9iYRvPR4VXzg7N8QCmX3p5WTQjGHdj:zPc1M5zHlgVXE7jrnpaQi9j

Score

8^/10

bootkit discovery evasion persistence upx

Malware Config

Signatures

Downloads MZ/PE file

Modifies Windows Firewall 1 TTPs 3 IoCs

evasion

Windows Service

T1543.003

pid	Process
2816	netsh.exe
2736	netsh.exe
2748	netsh.exe

Executes dropped EXE 3 IoCs

pid	Process
2900	dist_opera.exe
3008	360TS_Setup_Mini_WW_dstudio_CPI202206_6.6.0.1054.exe
540	dstudio-gui.exe

Loads dropped DLL 43 IoCs

pid	Process
2212	WORLDBOX - God Simulator[KQI8pkR7B].exe
2212	WORLDBOX - God Simulator[KQI8pkR7B].exe
2212	WORLDBOX - God Simulator[KQI8pkR7B].exe
2212	WORLDBOX - God Simulator[KQI8pkR7B].exe
2212	WORLDBOX - God Simulator[KQI8pkR7B].exe
2212	WORLDBOX - God Simulator[KQI8pkR7B].exe
2212	WORLDBOX - God Simulator[KQI8pkR7B].exe
2212	WORLDBOX - God Simulator[KQI8pkR7B].exe
2212	WORLDBOX - God Simulator[KQI8pkR7B].exe
2900	dist_opera.exe
2212	WORLDBOX - God Simulator[KQI8pkR7B].exe
2212	WORLDBOX - God Simulator[KQI8pkR7B].exe
2212	WORLDBOX - God Simulator[KQI8pkR7B].exe
3008	360TS_Setup_Mini_WW_dstudio_CPI202206_6.6.0.1054.exe
2212	WORLDBOX - God Simulator[KQI8pkR7B].exe
2212	WORLDBOX - God Simulator[KQI8pkR7B].exe
2900	dist_opera.exe
2212	WORLDBOX - God Simulator[KQI8pkR7B].exe
540	dstudio-gui.exe
540	dstudio-gui.exe
540	dstudio-gui.exe
540	dstudio-gui.exe
540	dstudio-gui.exe
540	dstudio-gui.exe
540	dstudio-gui.exe
540	dstudio-gui.exe
2212	WORLDBOX - God Simulator[KQI8pkR7B].exe
540	dstudio-gui.exe
540	dstudio-gui.exe
540	dstudio-gui.exe
540	dstudio-gui.exe
540	dstudio-gui.exe
540	dstudio-gui.exe
540	dstudio-gui.exe
540	dstudio-gui.exe
540	dstudio-gui.exe
540	dstudio-gui.exe
540	dstudio-gui.exe
540	dstudio-gui.exe
540	dstudio-gui.exe
540	dstudio-gui.exe
540	dstudio-gui.exe
540	dstudio-gui.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0006000000016db3-218.dat	upx
behavioral1/memory/2212-226-0x0000000005B10000-0x000000000603B000-memory.dmp	upx
behavioral1/files/0x0006000000016db3-225.dat	upx
behavioral1/memory/2900-230-0x0000000000010000-0x000000000053B000-memory.dmp	upx
behavioral1/files/0x0006000000016db3-783.dat	upx
behavioral1/memory/2900-831-0x0000000000010000-0x000000000053B000-memory.dmp	upx
behavioral1/memory/2272-885-0x00000000012B0000-0x00000000017E9000-memory.dmp	upx
behavioral1/memory/2272-1844-0x00000000012B0000-0x00000000017E9000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	360TS_Setup_Mini_WW_dstudio_CPI202206_6.6.0.1054.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\4b26e8b29773194f8c150694afeb3431.tmp	expand.exe
File opened for modification	C:\Program Files (x86)\Download Studio\translations\qtwebengine_locales\ja.pak	expand.exe
File opened for modification	C:\Program Files (x86)\Download Studio\translations\qt_zh_CN.qm	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\92e4bf8249c7e64986a4f39390e404ae.tmp	expand.exe
File opened for modification	C:\Program Files (x86)\Download Studio\Qt5WebEngineCore.dll	expand.exe
File opened for modification	C:\Program Files (x86)\Download Studio\libnatpmp.dll	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\8b43fc682e4a7e43b47392892e543817.tmp	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\67f5eeb268ab984fa8808804af94a77d.tmp	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\8c45f24c525ddf4bb5fd895c4ebce3ff.tmp	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\9b8fd19e3a3a674cb53dd4f47b9fbb50.tmp	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\9a027379f7f58b44be5a296ef62e71f1.tmp	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\e444f31f7011c84c88f6e85b8692cdff.tmp	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\2240579b6a00ed48a30f04078022677f.tmp	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\918c9c8e3686334d9f893ceb7e7a3246.tmp	expand.exe
File opened for modification	C:\Program Files (x86)\Download Studio\Qt5WebChannel.dll	expand.exe
File opened for modification	C:\Program Files (x86)\Download Studio\translations\qtwebengine_locales\et.pak	expand.exe
File opened for modification	C:\Program Files (x86)\Download Studio\translations\qtwebengine_locales\nl.pak	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\3e927e5afc068143a72224130617b570.tmp	expand.exe
File opened for modification	C:\Program Files (x86)\Download Studio\translations\qtwebengine_locales\bg.pak	expand.exe
File opened for modification	C:\Program Files (x86)\Download Studio\translations\qt_es.qm	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\6aac8abd608f3b4e93a9958e4399e75c.tmp	expand.exe
File opened for modification	C:\Program Files (x86)\Download Studio\translations\qtwebengine_locales\zh-CN.pak	expand.exe
File opened for modification	C:\Program Files (x86)\Download Studio\sqldrivers\qsqlite.dll	expand.exe
File opened for modification	C:\Program Files (x86)\Download Studio\translations\qt_fa.qm	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\3539c9f6a98a6747bcecd6ddc64fea58.tmp	expand.exe
File opened for modification	C:\Program Files (x86)\Download Studio\translations\qt_nn.qm	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\2e52efee3b57cd40a20d3e2189402ced.tmp	expand.exe
File opened for modification	C:\Program Files (x86)\Download Studio\translations\qtwebengine_locales\el.pak	expand.exe
File opened for modification	C:\Program Files (x86)\Download Studio\translations\qtwebengine_locales\ml.pak	expand.exe
File opened for modification	C:\Program Files (x86)\Download Studio\Qt5WebEngineWidgets.dll	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\2a8dd90e11369f468db484ffbc5c2be4.tmp	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\7f8f13369c4ea049a6e10b01bc630105.tmp	expand.exe
File opened for modification	C:\Program Files (x86)\Download Studio\Qt5Sql.dll	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\733eda5ef1282d45848dea2617b2d815.tmp	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\aa7b3dbf0d9aa64e852c2ceb36576620.tmp	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\715651b48848b7488db716606a01f247.tmp	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\c5577f2bb9078b479dc585c82ce9cbd6.tmp	expand.exe
File opened for modification	C:\Program Files (x86)\Download Studio\translations\qt_ca.qm	expand.exe
File opened for modification	C:\Program Files (x86)\Download Studio\translations\qt_fr.qm	expand.exe
File opened for modification	C:\Program Files (x86)\Download Studio\translations\qt_uk.qm	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\f3781b85fef4a849a8c75a6482be28a3.tmp	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\a7ce8e0a705e4945a5b9ba2f3a82ba4d.tmp	expand.exe
File opened for modification	C:\Program Files (x86)\Download Studio\translations\qt_lv.qm	expand.exe
File opened for modification	C:\Program Files (x86)\Download Studio\translations\qtwebengine_locales\lt.pak	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\b1395a9c5224b741b70b6e52db864acf.tmp	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\7e44c83dd55b9043a1166b8824f7b9e9.tmp	expand.exe
File opened for modification	C:\Program Files (x86)\Download Studio\translations\qtwebengine_locales\hi.pak	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\17617c2067691448827becfd6e85c669.tmp	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\2a476e0bfa15c44b8f124dd27921a1f5.tmp	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\d9f5ddfb9e774d4c8be7c2b611bf32d7.tmp	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\b6e870a803d52747b9f2cf2bcb106e47.tmp	expand.exe
File opened for modification	C:\Program Files (x86)\Download Studio\Qt5QmlModels.dll	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\ecbe7cbc36c1fb44b2614e234a1992b2.tmp	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\e4b64e9c6c696640ba74e44560433231.tmp	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\697089e0cf91284bacaaa56b456361fe.tmp	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\215a638bb278764f8eebe699e7ec93ea.tmp	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\7b67a7334630374f87b63800e78a1c2a.tmp	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\8a4325f01bc8a74284efd2e242e70b30.tmp	expand.exe
File opened for modification	C:\Program Files (x86)\Download Studio\translations\qtwebengine_locales\de.pak	expand.exe
File opened for modification	C:\Program Files (x86)\Download Studio\$dpx$.tmp\job.xml	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\fb10e2890382224a893d58233a515a3d.tmp	expand.exe
File created	C:\Program Files (x86)\Download Studio\$dpx$.tmp\e1df562eaaceea46987319cdd2e0bd29.tmp	expand.exe
File opened for modification	C:\Program Files (x86)\Download Studio\translations\qtwebengine_locales\pt-BR.pak	expand.exe
File opened for modification	C:\Program Files (x86)\Download Studio\resources\qtwebengine_resources.pak	expand.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Logs\DPX\setuperr.log	expand.exe
File opened for modification	C:\Windows\Logs\DPX\setupact.log	expand.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Main	WORLDBOX - God Simulator[KQI8pkR7B].exe

Modifies registry class 42 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent\Extension = ".torrent"	WORLDBOX - God Simulator[KQI8pkR7B].exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-magnet\Extension = ".magnet"	WORLDBOX - God Simulator[KQI8pkR7B].exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DownloadStudio.TorrentFile.1\shell\ = "open"	WORLDBOX - God Simulator[KQI8pkR7B].exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000_CLASSES\.torrent	WORLDBOX - God Simulator[KQI8pkR7B].exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000_CLASSES\Magnet\ = "Magnet URI"	WORLDBOX - God Simulator[KQI8pkR7B].exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DownloadStudio.TorrentFile.1\ = "Torrent Metadata File"	WORLDBOX - God Simulator[KQI8pkR7B].exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DownloadStudio.TorrentFile.1\DefaultIcon\ = "\"C:\\Program Files (x86)\\Download Studio\\dstudio-gui.exe\",1"	WORLDBOX - God Simulator[KQI8pkR7B].exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DownloadStudio.TorrentFile.1\shell\open\command	WORLDBOX - God Simulator[KQI8pkR7B].exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DownloadStudio.TorrentFile.1\shell\open\command\ = "\"C:\\Program Files (x86)\\Download Studio\\dstudio-gui.exe\" --add-torrent \"%1\""	WORLDBOX - God Simulator[KQI8pkR7B].exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000_CLASSES\Magnet\Content Type = "application/x-magnet"	WORLDBOX - God Simulator[KQI8pkR7B].exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DownloadStudio.TorrentFile.1\DefaultIcon	WORLDBOX - God Simulator[KQI8pkR7B].exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DownloadStudio.MagnetUri.1\shell	WORLDBOX - God Simulator[KQI8pkR7B].exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DownloadStudio.MagnetUri.1\shell\open	WORLDBOX - God Simulator[KQI8pkR7B].exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000_CLASSES\Magnet	WORLDBOX - God Simulator[KQI8pkR7B].exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000_CLASSES\Magnet\shell	WORLDBOX - God Simulator[KQI8pkR7B].exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000_CLASSES\Magnet\shell\open	WORLDBOX - God Simulator[KQI8pkR7B].exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent	WORLDBOX - God Simulator[KQI8pkR7B].exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DownloadStudio.TorrentFile.1	WORLDBOX - God Simulator[KQI8pkR7B].exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DownloadStudio.TorrentFile.1\Content Type\ = "application/x-bittorrent"	WORLDBOX - God Simulator[KQI8pkR7B].exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DownloadStudio.MagnetUri.1\DefaultIcon	WORLDBOX - God Simulator[KQI8pkR7B].exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DownloadStudio.MagnetUri.1\shell\ = "open"	WORLDBOX - God Simulator[KQI8pkR7B].exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000_CLASSES\Magnet\URL Protocol	WORLDBOX - God Simulator[KQI8pkR7B].exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DownloadStudio.MagnetUri.1\shell\open\command\ = "\"C:\\Program Files (x86)\\Download Studio\\dstudio-gui.exe\" --open-magnet-uri \"%1\""	WORLDBOX - God Simulator[KQI8pkR7B].exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000_CLASSES\.torrent\ = "DownloadStudio.TorrentFile.1"	WORLDBOX - God Simulator[KQI8pkR7B].exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000_CLASSES\Magnet\shell\ = "open"	WORLDBOX - God Simulator[KQI8pkR7B].exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-magnet	WORLDBOX - God Simulator[KQI8pkR7B].exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DownloadStudio.MagnetUri.1	WORLDBOX - God Simulator[KQI8pkR7B].exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DownloadStudio.MagnetUri.1\URL Protocol	WORLDBOX - God Simulator[KQI8pkR7B].exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DownloadStudio.MagnetUri.1\shell\open\command	WORLDBOX - God Simulator[KQI8pkR7B].exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000_CLASSES\.torrent\Content Type = "application/x-bittorrent"	WORLDBOX - God Simulator[KQI8pkR7B].exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000_CLASSES\Magnet\DefaultIcon	WORLDBOX - God Simulator[KQI8pkR7B].exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DownloadStudio.TorrentFile.1\FriendlyTypeName = "Download Studio"	WORLDBOX - God Simulator[KQI8pkR7B].exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DownloadStudio.TorrentFile.1\URL Protocol	WORLDBOX - God Simulator[KQI8pkR7B].exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DownloadStudio.TorrentFile.1\Content Type	WORLDBOX - God Simulator[KQI8pkR7B].exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DownloadStudio.TorrentFile.1\shell	WORLDBOX - God Simulator[KQI8pkR7B].exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DownloadStudio.MagnetUri.1\ = "Magnet URI"	WORLDBOX - God Simulator[KQI8pkR7B].exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DownloadStudio.MagnetUri.1\DefaultIcon\ = "\"C:\\Program Files (x86)\\Download Studio\\dstudio-gui.exe\",1"	WORLDBOX - God Simulator[KQI8pkR7B].exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000_CLASSES\Magnet\DefaultIcon\ = "\"C:\\Program Files (x86)\\Download Studio\\dstudio-gui.exe\",1"	WORLDBOX - God Simulator[KQI8pkR7B].exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000_CLASSES\Magnet\shell\open\command\ = "\"C:\\Program Files (x86)\\Download Studio\\dstudio-gui.exe\" --open-magnet-uri \"%1\""	WORLDBOX - God Simulator[KQI8pkR7B].exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DownloadStudio.TorrentFile.1\shell\open	WORLDBOX - God Simulator[KQI8pkR7B].exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DownloadStudio.MagnetUri.1\FriendlyTypeName = "Download Studio"	WORLDBOX - God Simulator[KQI8pkR7B].exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000_CLASSES\Magnet\shell\open\command	WORLDBOX - God Simulator[KQI8pkR7B].exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	WORLDBOX - God Simulator[KQI8pkR7B].exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	WORLDBOX - God Simulator[KQI8pkR7B].exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	WORLDBOX - God Simulator[KQI8pkR7B].exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	WORLDBOX - God Simulator[KQI8pkR7B].exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	WORLDBOX - God Simulator[KQI8pkR7B].exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	WORLDBOX - God Simulator[KQI8pkR7B].exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	WORLDBOX - God Simulator[KQI8pkR7B].exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	WORLDBOX - God Simulator[KQI8pkR7B].exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
540	dstudio-gui.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3008	360TS_Setup_Mini_WW_dstudio_CPI202206_6.6.0.1054.exe
3008	360TS_Setup_Mini_WW_dstudio_CPI202206_6.6.0.1054.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	3008	360TS_Setup_Mini_WW_dstudio_CPI202206_6.6.0.1054.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2212	WORLDBOX - God Simulator[KQI8pkR7B].exe
2212	WORLDBOX - God Simulator[KQI8pkR7B].exe

Suspicious use of WriteProcessMemory 30 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 2900	2212	WORLDBOX - God Simulator[KQI8pkR7B].exe	31
PID 2212 wrote to memory of 2900	2212	WORLDBOX - God Simulator[KQI8pkR7B].exe	31
PID 2212 wrote to memory of 2900	2212	WORLDBOX - God Simulator[KQI8pkR7B].exe	31
PID 2212 wrote to memory of 2900	2212	WORLDBOX - God Simulator[KQI8pkR7B].exe	31
PID 2212 wrote to memory of 2900	2212	WORLDBOX - God Simulator[KQI8pkR7B].exe	31
PID 2212 wrote to memory of 2900	2212	WORLDBOX - God Simulator[KQI8pkR7B].exe	31
PID 2212 wrote to memory of 2900	2212	WORLDBOX - God Simulator[KQI8pkR7B].exe	31
PID 2212 wrote to memory of 3008	2212	WORLDBOX - God Simulator[KQI8pkR7B].exe	32
PID 2212 wrote to memory of 3008	2212	WORLDBOX - God Simulator[KQI8pkR7B].exe	32
PID 2212 wrote to memory of 3008	2212	WORLDBOX - God Simulator[KQI8pkR7B].exe	32
PID 2212 wrote to memory of 3008	2212	WORLDBOX - God Simulator[KQI8pkR7B].exe	32
PID 2212 wrote to memory of 3008	2212	WORLDBOX - God Simulator[KQI8pkR7B].exe	32
PID 2212 wrote to memory of 3008	2212	WORLDBOX - God Simulator[KQI8pkR7B].exe	32
PID 2212 wrote to memory of 3008	2212	WORLDBOX - God Simulator[KQI8pkR7B].exe	32
PID 2212 wrote to memory of 2664	2212	WORLDBOX - God Simulator[KQI8pkR7B].exe	34
PID 2212 wrote to memory of 2664	2212	WORLDBOX - God Simulator[KQI8pkR7B].exe	34
PID 2212 wrote to memory of 2664	2212	WORLDBOX - God Simulator[KQI8pkR7B].exe	34
PID 2212 wrote to memory of 2664	2212	WORLDBOX - God Simulator[KQI8pkR7B].exe	34
PID 2212 wrote to memory of 2816	2212	WORLDBOX - God Simulator[KQI8pkR7B].exe	36
PID 2212 wrote to memory of 2816	2212	WORLDBOX - God Simulator[KQI8pkR7B].exe	36
PID 2212 wrote to memory of 2816	2212	WORLDBOX - God Simulator[KQI8pkR7B].exe	36
PID 2212 wrote to memory of 2816	2212	WORLDBOX - God Simulator[KQI8pkR7B].exe	36
PID 2212 wrote to memory of 2736	2212	WORLDBOX - God Simulator[KQI8pkR7B].exe	38
PID 2212 wrote to memory of 2736	2212	WORLDBOX - God Simulator[KQI8pkR7B].exe	38
PID 2212 wrote to memory of 2736	2212	WORLDBOX - God Simulator[KQI8pkR7B].exe	38
PID 2212 wrote to memory of 2736	2212	WORLDBOX - God Simulator[KQI8pkR7B].exe	38
PID 2212 wrote to memory of 2748	2212	WORLDBOX - God Simulator[KQI8pkR7B].exe	40
PID 2212 wrote to memory of 2748	2212	WORLDBOX - God Simulator[KQI8pkR7B].exe	40
PID 2212 wrote to memory of 2748	2212	WORLDBOX - God Simulator[KQI8pkR7B].exe	40
PID 2212 wrote to memory of 2748	2212	WORLDBOX - God Simulator[KQI8pkR7B].exe	40

C:\Users\Admin\AppData\Local\Temp\WORLDBOX - God Simulator[KQI8pkR7B].exe
"C:\Users\Admin\AppData\Local\Temp\WORLDBOX - God Simulator[KQI8pkR7B].exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Modifies registry class
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Users\Admin\AppData\Local\Temp\nsyB398.tmp\dist_opera.exe
  "C:\Users\Admin\AppData\Local\Temp\nsyB398.tmp\dist_opera.exe" --silent --allusers=0
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2900
- C:\Users\Admin\AppData\Local\Temp\nsyB398.tmp\360TS_Setup_Mini_WW_dstudio_CPI202206_6.6.0.1054.exe
  "C:\Users\Admin\AppData\Local\Temp\nsyB398.tmp\360TS_Setup_Mini_WW_dstudio_CPI202206_6.6.0.1054.exe" /s /clientid:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Writes to the Master Boot Record (MBR)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3008
- - C:\Users\Admin\AppData\Local\Temp\nsyB398.tmp\360TS_Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\nsyB398.tmp\360TS_Setup.exe" /c:WW.dstudio.CPI202206 /pmode:2 /s /clientid:1 /promo:eyJib290dGltZSI6IjciLCJtZWRhbCI6IjciLCJuZXdzIjoiMCIsIm9wZXJhIjoiNyIsIm9wZXJhX2lucyI6IjAiLCJwb3B1cCI6IjciLCJyZW1pbmRlciI6IjciLCJ1cGdyYWRlX25vdyI6IjAifQo=
    3⤵
    PID:2976
  - - C:\Program Files (x86)\1689871103_0\360TS_Setup.exe
      "C:\Program Files (x86)\1689871103_0\360TS_Setup.exe" /c:WW.dstudio.CPI202206 /pmode:2 /s /clientid:1 /promo:eyJib290dGltZSI6IjciLCJtZWRhbCI6IjciLCJuZXdzIjoiMCIsIm9wZXJhIjoiNyIsIm9wZXJhX2lucyI6IjAiLCJwb3B1cCI6IjciLCJyZW1pbmRlciI6IjciLCJ1cGdyYWRlX25vdyI6IjAifQo= /TSinstall
      4⤵
      PID:1748
- C:\Windows\SysWOW64\expand.exe
  "C:\Windows\System32\expand.exe" -F:* "C:\Program Files (x86)\Download Studio\runtime-qt-5.15.10-wlib3.cab" "C:\Program Files (x86)\Download Studio"
  2⤵
  - Drops file in Program Files directory
  - Drops file in Windows directory
  PID:2664
- C:\Windows\SysWOW64\netsh.exe
  "C:\Windows\System32\netsh.exe" firewall add allowedprogram program="C:\Program Files (x86)\Download Studio\dstudio-gui.exe" name="Download Studio"
  2⤵
  - Modifies Windows Firewall
  PID:2816
- C:\Windows\SysWOW64\netsh.exe
  "C:\Windows\System32\netsh.exe" firewall add allowedprogram program="C:\Program Files (x86)\Download Studio\dstudio.exe" name="Download Studio Daemon"
  2⤵
  - Modifies Windows Firewall
  PID:2736
- C:\Windows\SysWOW64\netsh.exe
  "C:\Windows\System32\netsh.exe" firewall add allowedprogram program="C:\Program Files (x86)\Download Studio\QtWebEngineProcess.exe" name="Download Studio WebEngine"
  2⤵
  - Modifies Windows Firewall
  PID:2748

C:\Program Files (x86)\Download Studio\dstudio-gui.exe
"C:\Program Files (x86)\Download Studio\dstudio-gui.exe" --open-hashid KQI8pkR7B --force-run
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
PID:540
- C:\Program Files (x86)\Download Studio\QtWebEngineProcess.exe
  "C:\Program Files (x86)\Download Studio\QtWebEngineProcess.exe" --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,NetworkServiceInProcess,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,InstalledApp,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --disable-gpu-compositing --lang=en --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=2 --mojo-platform-channel-handle=1568 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files (x86)\Download Studio\dstudio.exe
  "C:\Program Files (x86)\Download Studio\dstudio.exe" --quiet=true --event-poll=select --disable-ipv6=true --listen-port=59751 --enable-rpc=true --rpc-allow-origin-all=true --rpc-listen-port=17060 --rpc-secret=9b72e31dac81715466cd580a448cf823 --continue=true --check-certificate=false --allow-overwrite=true --allow-piece-length-change=true --content-disposition-default-utf8=true --disk-cache=32M --auto-save-interval=5 --file-allocation=trunc --max-connection-per-server=100 --min-split-size=1M --split=20 --referer=* --max-overall-upload-limit=5M --max-concurrent-downloads=5 --bt-enable-lpd=true --bt-piece-selector=default --bt-max-peers=150 --bt-max-open-files=250 --bt-save-metadata=true --bt-load-saved-metadata=true --bt-request-peer-speed-limit=100K --seed-time=0 --enable-peer-exchange=true --enable-dht=true --dht-listen-port=59751 --dht-entry-point=dht.dstudio.app:6881 --dht-file-path="C:\Users\Admin\AppData\Local\Download Studio\data\dht.dat" --save-session="C:\Users\Admin\AppData\Local\Download Studio\data\session.dat" --save-session-interval=2 --input-file="C:\Users\Admin\AppData\Local\Download Studio\data\session.dat" --user-agent=dstudio/1.20.0 --peer-agent=dstudio/1.20.0 --peer-id-prefix=-DS-1200- --stop-with-process=540
  2⤵
  PID:2272

C:\Program Files (x86)\Download Studio\dstudio-gui.exe
"C:\Program Files (x86)\Download Studio\dstudio-gui.exe"
1⤵
PID:1692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\1689871103_0\360TS_Setup.exe

Filesize
61.7MB

MD5
c44ea18e0f21ed0efb9446d968c40aa5

SHA1
96d861046cd9258a36490221be5bcf7a6c4258f3

SHA256
c1b5509e455290878214e77c284e6c852174a2d3e7438c541577cc34725e2da0

SHA512
90df8fb5f848f3a3918a679331635b8c8c7d26cbfbd8792e549b4a1a4b61885ffe819fade1aebd604b6873cd97180c6d1cf70670e3163823c15789ecc3703efb

Download Submit
C:\Program Files (x86)\Download Studio\MSVCP140.dll

Filesize
437KB

MD5
dc739066c9d0ca961cba2f320cade28e

SHA1
81ed5f7861e748b90c7ae2d18da80d1409d1fa05

SHA256
74e9268a68118bb1ac5154f8f327887715960ccc37ba9dabbe31ecd82dcbaa55

SHA512
4eb181984d989156b8703fd8bb8963d7a5a3b7f981fe747c6992993b7a1395a21f45dbedf08c1483d523e772bdf41330753e1771243b53da36d2539c01171cf1

Download Submit
C:\Program Files (x86)\Download Studio\MSVCP140_1.dll

Filesize
32KB

MD5
ca41f812e04bf186926c8e312ed86990

SHA1
06ad85c589487bb6a172c41164e404c152f58c1b

SHA256
037da271a83151debaa648a35cf5ce9ee9b8fedaa7e437bee1b44ece54ad9933

SHA512
796e43a7057ef7e0fc6863c221e43cec4e14c019e5ea2526ce4683f29702c25e7f478b1f27af59b21302de0e466483d1b846409f1e976d04c687f84b2c2ddabd

Download Submit
C:\Program Files (x86)\Download Studio\Qt5Core.dll

Filesize
5.3MB

MD5
8ab4b019dae957fb68ac0f98ebe55bd1

SHA1
3a1067a9463d5e848e45a51f7a2938afcbe4e7ce

SHA256
5d481e47c52fc19c3d299a5c2ef1cfada104c95e94ccf245b3369c5b1c629401

SHA512
70c0746aa0c95813f9b632933b0411ba3f7837d8e9942a6b2e9d5f4b13264f9e5de44da5e28c28f971050d5ffbc2bc0da8bfd447f9298f12d5594bd9cc96d82f

Download Submit
C:\Program Files (x86)\Download Studio\Qt5Gui.dll

Filesize
5.6MB

MD5
b22f7cc34f0f06287d46ff54a09c36d4

SHA1
dfcd297a36f7f6f30681583c1478370be2eb01ca

SHA256
a14bb5c9db72ee6a9c69084dfb45c0f48ee4d2087721515029d3ebdf71a8c47e

SHA512
3890566d982e7719c5917d9d737f7d6db1c3438a18a0f5f6e6f690d850a103a1e294af8350afb6ddb99642dc1ca69863905df0ed64ca8f988fa494ad637bf2e3

Download Submit
C:\Program Files (x86)\Download Studio\Qt5Network.dll

Filesize
1.0MB

MD5
afc2e1fcd751e37ecd564a8105a64c01

SHA1
934b5c6361253e84e89e603713583d0f3ee23e5d

SHA256
7485401e0318887fdb69f60ac2cb5a58b0703e5efcc382477c6f38fd052161f2

SHA512
29501848640e8c1e5400bfd52eaa04f3101d2e8d28681db79e14720869a5da65db0032ef1228eba15f645a0e943659fc6d6bd1b037d937363e1bd89e977db3d2

Download Submit
C:\Program Files (x86)\Download Studio\Qt5Positioning.dll

Filesize
266KB

MD5
8f4f9c9c1846248cdda9a6648039c617

SHA1
dd9aac21275940161d770b9ec001c87aa4d62bff

SHA256
f60fd07426ca029d7daf8e5d9a6fee0fa83e04fd923c0528322fe7a1a6a403f8

SHA512
391f8f0cc2a929be2a87be29dfb1f39509c9b04d4f19a778ef11a22e515212d7361b2cbf441e3e44b0482619dadee1d6727a0eb734909ff6c96016908709c17d

Download Submit
C:\Program Files (x86)\Download Studio\Qt5PrintSupport.dll

Filesize
256KB

MD5
c92d4e052e6a57e6fd8e934cc037f464

SHA1
ecaa9cbc61fb74d8916b1114debadd7495a5353c

SHA256
9cc39dd6e51643fc1741c1499a4c81213cc4d56ea26c1fe42ccf5ecefa4f32e4

SHA512
583919eb467a1390ec6a290038d83f1bec80d986258b983b70bdd5dccc184ecde4e44e58bb24aa47a80d892b246bcca4969b82cd1e9bc85592d076330c2bf458

Download Submit
C:\Program Files (x86)\Download Studio\Qt5Qml.dll

Filesize
2.9MB

MD5
29a58521fcbc1960e212773d5388225b

SHA1
9a49bc7c6ea1fe207d07b4f262ad1cb3df33ede6

SHA256
f797ca28938aa165a0df90f7a999baaee51c26166f42520fd93cae03b852e490

SHA512
b757fcb2e64e2138910ecf53406e632cbaa38b465da2451f84d301c8600312a540e95f1c82505b50c86d6ab8c7a8bfef3d83b5d741fbc871a456044e861b4965

Download Submit
C:\Program Files (x86)\Download Studio\Qt5QmlModels.dll

Filesize
340KB

MD5
aef413d1a6b2951b5a39c2538807601b

SHA1
5ab3b29358f5bc38ddee6663acb848e2636bc190

SHA256
8e6a1b32f4cefb13eef92dfe64dd9d998d823718baf8c48d5eb003ea98d76bff

SHA512
4b54fc12daaa83964853b210d3637d6331c52578b93f164903e86385514268d54c77a6d8721c2fd9cc149667d92f28a4148f95a4743a190af6b7ceba0be88f9e

Download Submit
C:\Program Files (x86)\Download Studio\Qt5Quick.dll

Filesize
3.4MB

MD5
4907ce0e363c8b461c72d5798d25edca

SHA1
01c2b1890087cceedca78c2e78665e013f5c8c4d

SHA256
a2a33ca9444dcc3b1effa97c94c9993425e4fb5a27e35f1aeb2103fa28c6cc68

SHA512
073da03406e92c96ff5597f81e4cc06ed92889680afc0ab94ee0024c848f5183fdf11357ac22629611a0f7e9b396448f887d4ad996ff6018eb4a27c45b4301d6

Download Submit
C:\Program Files (x86)\Download Studio\Qt5QuickWidgets.dll

Filesize
61KB

MD5
91727bd6144abd8e3d454b6c99904465

SHA1
fa01b3d2a3bfb20c66186e624b46cb8ab7ebf73d

SHA256
dc653c4057bdf6aa23249d2eeda36715689929391331a062b12faf1d5287214f

SHA512
922e939d6a455b97f368362fe3420808a5f1c8ca1a63b068e51edae1fcaeb2d65bd9604c5c83cc362c58faca1c7f869bcea373323503964b66e96a755be204b9

Download Submit
C:\Program Files (x86)\Download Studio\Qt5Sql.dll

Filesize
164KB

MD5
d1336a9e2a76b9145727297a6dec0960

SHA1
40f6e93721a37b61d5d6be8634b982c1faf08bd5

SHA256
31b6d0fa4d8b7c47d16709659e2059fd2f8e1afc05cdee85cdce24138fcd5e13

SHA512
47c4c340c051a8a2db49f9e5ddd8051632f57ef80d01e6acaad688f62846e9245f896a9cce41f7774750cf90d5f4b7e13241805a2588498aada8a3cf1dc8cdae

Download Submit
C:\Program Files (x86)\Download Studio\Qt5WebChannel.dll

Filesize
100KB

MD5
eb5aedb2cfb1c1e1021828115fa5da41

SHA1
4fcd786fd7d10c980d8aa6eafcb6eb954696dca5

SHA256
1631fcfa080519a376854dcfe3f497c013c936c784f6f45f9bbd65383f41d3ff

SHA512
ce3654bdaf537305d0464faebafaeba6c53bda8cebf1282988a872ab5d61559a13e5ec79ef6a26b2fa028c469963872027b7b28492beb7bf980fb28502e3f699

Download Submit
C:\Program Files (x86)\Download Studio\Qt5WebEngineCore.dll

Filesize
78.2MB

MD5
9f01c86677617b027ee5a104b953a5df

SHA1
16f9e8cd335dddbc70666fa9f658f01845b509c0

SHA256
446b87e13ff147183776e1898102071b842a7b43a20f25765f1de5034cffcb5d

SHA512
165d361268f8353fd703379682ba70225dd5012e9ffa1e4c7ded42e4c0f16d4866820f6eb8bccadd3ab8527cf4ddb6efb1b78f265a61c431455c290a750b423a

Download Submit
C:\Program Files (x86)\Download Studio\Qt5WebEngineWidgets.dll

Filesize
195KB

MD5
e6c5d0eadf2775d10c240f400fbd8bf9

SHA1
3f127b90acb1b1cf9d88689b93d661e91700a2bb

SHA256
39e84bd06019082056c09404ba9a11e7f8c1b91b99887d1cde081155c5dd9007

SHA512
972ddb4f9878977f79597f5d89e5c29015b6d7e1c70c3679e642fe7bd779cf28ce20785690c3775656092e785d140b8c81d8c644af6b0a680805b314192e1041

Download Submit
C:\Program Files (x86)\Download Studio\Qt5WebSockets.dll

Filesize
111KB

MD5
4f5acac152034012b5b31aa02858cddd

SHA1
eb1c4b1338bb53c2abdb806df34e057e790fbfa3

SHA256
cba6631fa02ee9e1c16170740541ac1386ebf0e53895c78d49a98369e85886d3

SHA512
71b516176dedfb70ee89815dd82909baa232289852e321b067674a0c838f4dee8df6fd4220b5c6f612ec5e5de02d04f165005eaf99cd57efb661498ea8636c09

Download Submit
C:\Program Files (x86)\Download Studio\Qt5Widgets.dll

Filesize
4.4MB

MD5
ef382699be92f9fb668f58cd44aba95a

SHA1
94016b0fbaa9252ef6b9e56617102b20e1a2c562

SHA256
c225037b4e34f7ff7f31e14a4825492d2cc10d28e5be2373417bf3fd89aadd2d

SHA512
993ee327d78f0ab35b524d061aa30c55c0b1604a5c49d345885d47f7daf77b030446a5038a6a300aac1f2774271364a13c6e09c9d0441da31e1cd76acc893a69

Download Submit
C:\Program Files (x86)\Download Studio\VCRUNTIME140.dll

Filesize
88KB

MD5
1d4ff3cf64ab08c66ae9a4013c89a3ac

SHA1
f9ee15d0e9b0b7e04ff4c8a5de5afcffe8b2527b

SHA256
65f620bc588d95fe2ed236d1602e49f89077b434c83102549eed137c7fdc7220

SHA512
65fbd68843280e933620c470e524fba993ab4c48ede4bc0917b4ebe25da0408d02daec3f5afcd44a3ff8aba676d2eff2dda3f354029d27932ef39c9fdea51c26

Download Submit
C:\Program Files (x86)\Download Studio\dstudio-gui.exe

Filesize
943KB

MD5
8de6d337e002856ae5f35ebaa583e6ee

SHA1
243d3f67d0cbbbf7a7abea94f1b3aaeb2d88cf74

SHA256
b4fe5f47fb8c7e11c3e0ad5d5df6be3d6901128575162df617bbea68f8470cff

SHA512
b0a246390aa09f42b86305f84e175649a2254a4f66560f2f53f425d936dfadbfb60aa9e48438811daf304f1edab9ec03ff62f2c56d32aded59436e64096c5781

Download Submit
C:\Program Files (x86)\Download Studio\libnatpmp.dll

Filesize
13KB

MD5
5ad8494d6121eda5308398a88d958d68

SHA1
36b3c3b9b11283fa6a91df3a259554f8bb610c42

SHA256
f29c34baefad270b7fa663b49b14e5ae714fd0f02c95cdb1eb04849c606c004a

SHA512
8ae74a0ce30dcfdbdf1159127ea2908513b2b7c783c44de791a618bdeb7f552a6c6bc65827c19800e8920503fb80dd027ec9c47cc99846080cac8d1473e84ba5

Download Submit
C:\Program Files (x86)\Download Studio\miniupnpc.dll

Filesize
49KB

MD5
4a065453e93067e8b715f235d3b17181

SHA1
36c06cd6ae96735328057b97496d62c362ae75db

SHA256
1c31f0cde2a50b24d7b8364c5d12400dcc54d350e1296f7a3379d87a2fa397bb

SHA512
775528f2bbe95d178b20fa67c26c4732994a247b59afacf40b3ddcb482436d35997a269aa7294305f612607c601314b7d8bcf1447c978c784ec40a7951c55d52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
2d980b47e1838a51fa4a6cc96f02a580

SHA1
11b9714344eac55717554307dce6b5f3e89e7d56

SHA256
bc623e26176f2a123a8c7e860d91d27ce4af3eaf618872041f74eb4978b7fae7

SHA512
e44462db22960c9f3381c5749267d7eecc2630c29890c7cdfb1eb01d9fdd940c4f8b30b9a1477696d1cfdb5030097b3c5e4344cc30f69f9b53c1f4881978aa30

Download Submit
C:\Users\Admin\AppData\Local\Download Studio\QtWebEngine\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\[email protected]\setup.ini

Filesize
829B

MD5
9fccf6f6f2b2d17fe3fa92b82f228c12

SHA1
6beed35563a5436e38cd49bdf7a3b4e08dd71805

SHA256
c7d5d8baa80aa7f71364ebcc3119dbaac8b2857b4c4803c537489dbaa7e16308

SHA512
cc04e60d06ebbf707e22d553fbc648d82f1e158106ce716f826545e744a25144b5497c394f5b53c08198c7ca69f0e59cb5c5f04482e29aa60cd69015f0622d9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\1689871103_00000000_base\360base.dll

Filesize
884KB

MD5
8c42fc725106cf8276e625b4f97861bc

SHA1
9c4140730cb031c29fc63e17e1504693d0f21c13

SHA256
d1ca92aa0789ee87d45f9f3c63e0e46ad2997b09605cbc2c57da2be6b8488c22

SHA512
f3c33dfe8e482692d068bf2185bec7d0d2bb232e6828b0bc8dc867da9e7ca89f9356fde87244fe686e3830f957c052089a87ecff4e44842a1a7848246f0ba105

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230720163826_259511578\temp_files\config\lang\de\SysSweeper.ui.dat

Filesize
102KB

MD5
98a38dfe627050095890b8ed217aa0c5

SHA1
3da96a104940d0ef2862b38e65c64a739327e8f8

SHA256
794331c530f22c2390dd44d18e449c39bb7246868b07bdf4ff0be65732718b13

SHA512
fb417aa5de938aaf01bb9a07a3cd42c338292438f5a6b17ef1b8d800a5605c72df81d3bae582e17162f6b1c5008fd63035fa7a637e07e2697cb1b34f9197a0cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230720163826_259511578\temp_files\i18n\es\deepscan\dsurls.dat

Filesize
1KB

MD5
69d457234e76bc479f8cc854ccadc21e

SHA1
7f129438445bb1bde6b5489ec518cc8f6c80281b

SHA256
b0355da8317155646eba806991c248185cb830fe5817562c50af71d297f269ee

SHA512
200de0ffce7294266491811c6c29c870a5bc21cdf29aa626fc7a41d24faf1bfe054920bd8862784feaba75ba866b8ab5fd65df4df1e3968f78795ab1f4ad0d23

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230720163826_259511578\temp_files\i18n\es\ipc\360ipc.dat

Filesize
1KB

MD5
ea5fdb65ac0c5623205da135de97bc2a

SHA1
9ca553ad347c29b6bf909256046dd7ee0ecdfe37

SHA256
0ba4355035fb69665598886cb35359ab4b07260032ba6651a9c1fcea2285726d

SHA512
bb9123069670ac10d478ba3aed6b6587af0f077d38ca1e2f341742eaf642a6605862d3d4dbf687eb7cb261643cf8c95be3fba1bfa0ee691e8e1ed17cc487b11e

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230720163826_259511578\temp_files\i18n\es\ipc\360netd.dat

Filesize
43KB

MD5
d89ff5c92b29c77500f96b9490ea8367

SHA1
08dd1a3231f2d6396ba73c2c4438390d748ac098

SHA256
3b5837689b4339077ed90cfeb937d3765dda9bc8a6371d25c640dfcee296090a

SHA512
88206a195cd3098b46eec2c8368ddc1f90c86998d7f6a8d8ec1e57ae201bc5939b6fe6551b205647e20e9a2d144abd68f64b75edd721342861acb3e12450060d

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230720163826_259511578\temp_files\i18n\es\ipc\360netr.dat

Filesize
1KB

MD5
db5227079d3ca5b34f11649805faae4f

SHA1
de042c40919e4ae3ac905db6f105e1c3f352fb92

SHA256
912102c07fcabe6d8a018de20b2ad97ea5f775dcb383cd3376168b7ebf8f9238

SHA512
519ab81d0c3391f88050e5d7a2e839913c45c68f26dabad34c06c461ddb84c781bf7224e4d093462c475700e706eef562d1210cee3dba00a985d8dadbf165c5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230720163826_259511578\temp_files\i18n\es\ipc\appmon.dat

Filesize
28KB

MD5
9a6ba86a05fa29b2060add92e29f74c2

SHA1
eb0f407816d001283ce8e35a46702506232e4659

SHA256
1acdbe9ac338df8714ad24110c651932a29a6c1fdf8bda40d8351aa025694f8b

SHA512
fb3aea6ce2cbc624bb2f8952eed26c263a99a6fbe1b7ed6bea6581984728918655bf1643d2f4fe77a4e7e472b97cf68bbe73d20220a01e27f91e6d48e029a2d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230720163826_259511578\temp_files\i18n\es\ipc\filemon.dat

Filesize
15KB

MD5
bfed06980072d6f12d4d1e848be0eb49

SHA1
bb5dd7aa1b6e4242b307ea7fabac7bc666a84e3d

SHA256
b065e3e3440e1c83d6a4704acddf33e69b111aad51f6d4194d6abc160eccfdc2

SHA512
62908dd2335303da5ab41054d3278fe613ed9031f955215f892f0c2bb520ce1d26543fa53c75ce5da4e4ecf07fd47d4795fafbdb6673fac767b37a4fa7412d08

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230720163826_259511578\temp_files\i18n\es\ipc\regmon.dat

Filesize
30KB

MD5
9f2a98bad74e4f53442910e45871fc60

SHA1
7bce8113bbe68f93ea477a166c6b0118dd572d11

SHA256
1c743d2e319cd63426f05a3c51dfea4c4f5b923c96f9ecce7fcf8d4d46a8c687

SHA512
a8267905058170ed42ba20fe9e0a6274b83dcda0dd8afa77cbff8801ed89b1f108cfe00a929f2e7bbae0fc079321a16304d69c16ec9552c80325db9d6d332d10

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230720163826_259511578\temp_files\i18n\es\libdefa.dat

Filesize
319KB

MD5
aeb5fab98799915b7e8a7ff244545ac9

SHA1
49df429015a7086b3fb6bb4a16c72531b13db45f

SHA256
19fa3cbec353223c9e376b7e06f050cc27b3c12d255fdcb5c36342fa3febbec4

SHA512
2d98ed2e9c26a61eb2f1a7beb8bd005eb4d3d0dac297c93faaf61928a05fb1c6343bb7a6b2c073c6520c81befdb51c87383eab8e7ca49bb060b344f2cf08f4d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230720163826_259511578\temp_files\i18n\es\safemon\drvmon.dat

Filesize
5KB

MD5
c2a0ebc24b6df35aed305f680e48021f

SHA1
7542a9d0d47908636d893788f1e592e23bb23f47

SHA256
5ee31b5ada283f63ac19f79b3c3efc9f9e351182fcabf47ffccdd96060bfa2cf

SHA512
ea83e770ad03b8f9925654770c5fd7baf2592d6d0dd5b22970f38b0a690dfd7cb135988548547e62cca5f09cb737224bbb8f2c15fe3b9b02b996c319f6e271ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230720163826_259511578\temp_files\i18n\fr\deepscan\art.dat

Filesize
38KB

MD5
0297d7f82403de0bb5cef53c35a1eba1

SHA1
e94e31dcd5c4b1ff78df86dbef7cd4e992b5d8a8

SHA256
81adb709eec2dfb3e7b261e3e279adf33de00e4d9729f217662142f591657374

SHA512
ce8983e3af798f336e34343168a14dc04e4be933542254ce14ff755d5eb2bcb6e745eda488bc24be2b323119006cf0bdb392c7b48558ca30f7f2e170a061a75e

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230720163826_259511578\temp_files\i18n\fr\deepscan\dsr.dat

Filesize
58KB

MD5
504461531300efd4f029c41a83f8df1d

SHA1
2466e76730121d154c913f76941b7f42ee73c7ae

SHA256
4649eedc3bafd98c562d4d1710f44de19e8e93e3638bc1566e1da63d90cb04ad

SHA512
f7dd16173120dbfe2dabeab0c171d7d5868fd3107f13c2967183582fd23fd96c7eeca8107463a4084ad9f8560cd6447c35dc18b331fd3f748521518ac8e46632

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230720163826_259511578\temp_files\i18n\hi\deepscan\dsconz.dat

Filesize
18KB

MD5
f76cd5b5dbcccd3a21df516e6eb814ed

SHA1
5d62c1c3caea405a4ddd0b891d06e41deabcb8ae

SHA256
75f44e910966a657f96eceb5ca734d4cf919f76aae3f862cac2674c533e40c3b

SHA512
edd26a0202b3bb46177d09c322693d67efec8cedd6c285645191cdfbc92299ea3b193fab3de5e39107a5d57e98e144c9c728d544c24020ad43729b72d38a394c

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230720163826_259511578\temp_files\i18n\it\safemon\bp.dat

Filesize
2KB

MD5
1b5647c53eadf0a73580d8a74d2c0cb7

SHA1
92fb45ae87f0c0965125bf124a5564e3c54e7adb

SHA256
d81e7765dacef70a07c2d77e3ab1c953abd4c8b0c74f53df04c3ee4adf192106

SHA512
439738f2cdd0024e4d4f0da9668714fd369fb939424e865a29fc78725459b98c3f8ac746c65e7d338073374ab695c58d52b86aea72865496cd4b20fcd1aa9295

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20230720163826_259511578\temp_files\i18n\it\safemon\wd.ini

Filesize
8KB

MD5
bbcd2bd46f45a882a56d4ea27e6aca88

SHA1
69ec4e9df7648feff4905af2651abff6f6f9cc00

SHA256
dfe29bbd5fa9d1a9aac3efbef341ef02a44fcdf5b826cfa1fdd646bf27fa6655

SHA512
0619a5e55e479da2085602a91d7077ada2892e345a080adcb759fbcf9c51e1d1d07f362c02218ce880ad7858c9c262432b13979a2ff0ba4122a492479c748dd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB984.tmp

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB9B6.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyB398.tmp\360TS_Setup.exe.P2P

Filesize
89.8MB

MD5
37cc7a3cfa663a70bb2602a2e7bfed8e

SHA1
23afd6405dfc91f968f351ba77f8676b2d125562

SHA256
ca7083c2ad634b01fdce938225293bbf45492e71dd2d18ab73e5963806314843

SHA512
4cd43a50c7bd6fd317ee19a876509cb6de7e6e450f1c62fe774231eba762530e02b8a59fd2d1877caa758f2e4b34f6861774afda9188fba1b8046bfd1c505a9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyB398.tmp\360TS_Setup_Mini_WW_dstudio_CPI202206_6.6.0.1054.exe

Filesize
1.5MB

MD5
f435dc3dabb1b510b64fb19340b71d77

SHA1
65767a3aee14af9eaa1d0e6a33ec91c957b6fc9a

SHA256
263637f23549819ee4f5ae31188f923d7ff2a768ffb5b6463fcc33a9a638d92e

SHA512
332580416543333211c6c34ca1eae5dbcb6d5f5c339d559c2f67ab04aaeb8461ae69d8b3f781225048e151c21721b9b4ee0fafb432997085ffd6142b1a2a349f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyB398.tmp\360TS_Setup_Mini_WW_dstudio_CPI202206_6.6.0.1054.exe

Filesize
1.5MB

MD5
f435dc3dabb1b510b64fb19340b71d77

SHA1
65767a3aee14af9eaa1d0e6a33ec91c957b6fc9a

SHA256
263637f23549819ee4f5ae31188f923d7ff2a768ffb5b6463fcc33a9a638d92e

SHA512
332580416543333211c6c34ca1eae5dbcb6d5f5c339d559c2f67ab04aaeb8461ae69d8b3f781225048e151c21721b9b4ee0fafb432997085ffd6142b1a2a349f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyB398.tmp\INetC.dll

Filesize
25KB

MD5
3bcb32a09d868557568f3e3f2148d371

SHA1
c0290c84140b7d6400e5ad73074057c2b1bb3000

SHA256
dab0cb7767e3b764e1e2a67fd19b57f3c8c79c91f9c0c0b4af6853e297d41e5e

SHA512
e8c4b3e14e0a8a12581934d6306b56bead056975413a585024d15028ab76bed8bae952a801ee70f8db7994f446f0dba183f14556957bda6bee58153fbc4190d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyB398.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyB398.tmp\System.dll

Filesize
12KB

MD5
3e5dbc37b5790b6a1137f0441afc93b0

SHA1
1a6e3344004f130bbd7cf19e719b9ad066f4f032

SHA256
6979a3766120389868145d5dcf1310b084a15046b389273fde7ede870e213ca0

SHA512
c0a8eaed8d9d9e3ce438446aa2a3c30fc46d006c412fe5e7cb180e839172d514f0f92bd77582e33ff6189bcba0777f800e3eb7d39019e7fefde8d016abd8565f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyB398.tmp\UAC.dll

Filesize
18KB

MD5
113c5f02686d865bc9e8332350274fd1

SHA1
4fa4414666f8091e327adb4d81a98a0d6e2e254a

SHA256
0d21041a1b5cd9f9968fc1d457c78a802c9c5a23f375327e833501b65bcd095d

SHA512
e190d1ee50c0b2446b14f0d9994a0ce58f5dbd2aa5d579f11b3a342da1d4abf0f833a0415d3817636b237930f314be54e4c85b4db4a9b4a3e532980ea9c91284

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyB398.tmp\WebBrowser.dll

Filesize
89KB

MD5
41a61bca2a2fbb8a6d21f4d0e8b4a8ec

SHA1
7dde6859a8012af118fc525a4858365ea4b843e3

SHA256
704630dd4a7d7fa06ec0a763f09595261fbc958a596574d8e55bdb2d1f1292f3

SHA512
989825c697817f8a89e3cc2bff21d81cb8c4900061efacbd9544689edb36c2990adb61b28215939df85d60906925aa22f8e73584e72c363417d3bc5454629c17

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyB398.tmp\bg.jpg

Filesize
64KB

MD5
94eba085b98f34201b78a9dc3a2d0430

SHA1
340ad749e13d6b5df8ecf2ad7ac80926553a318f

SHA256
e06073012a4db331a79e6e9abb5133c508c4eafd1a6ec886a8df30c6b6647c76

SHA512
bc56c981497419d8101951566529c65ccfb84a44a37529513857eb07968e9990518fab4419e05ea6c10cdcdb08c47128b10d1b6dec9e0bc6a6216c66e6539ff0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyB398.tmp\dist_opera.exe

Filesize
2.7MB

MD5
6e0ef3b9910c992e3873411e9981d3b4

SHA1
16a34195478103e45a2480be1766cb432891d371

SHA256
0004331b5681b769781fa22b86539ce87e37975c587acb55bf59bad2738e539e

SHA512
dd7f76c3ca221a13ad69758acc8d1a1d5f50402701357fc04c9e8c7c9a5a25a9823240a942b90ba5531350ad6dd771323167fb3c8cf3504700b496e84c8673d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyB398.tmp\dist_opera.exe

Filesize
2.7MB

MD5
6e0ef3b9910c992e3873411e9981d3b4

SHA1
16a34195478103e45a2480be1766cb432891d371

SHA256
0004331b5681b769781fa22b86539ce87e37975c587acb55bf59bad2738e539e

SHA512
dd7f76c3ca221a13ad69758acc8d1a1d5f50402701357fc04c9e8c7c9a5a25a9823240a942b90ba5531350ad6dd771323167fb3c8cf3504700b496e84c8673d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyB398.tmp\index2.html

Filesize
1KB

MD5
d0123fa43899c2cae37ecb9e6e2d319a

SHA1
d14bfcc80d4c781a94ffa31cf8e3bd7071d2057c

SHA256
6a2bbaa7c6c16a9368d5010eac7839399bcd7393a93eaff24ce6073112f58290

SHA512
90ba0299dbc44fc0221ae6a84a22a714c6bd92f7f4add413ccc3c5d4c2f8ca03c98df6ab5b66dd803e94c19357aec7d56c9473a1855a9197ace51ff5d1a518a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyB398.tmp\nsDialogs.dll

Filesize
9KB

MD5
5bfdc8fb2d2bc96d3c6ad3fa5001fb60

SHA1
3ef791e834af931221d1f52f557d79dad2731763

SHA256
56db8561e64c05a5e1978a4320084b239f8c288183a07f674863f6187ae7ffdb

SHA512
b3ca9ecfe1591a3bbf95d703918c3770dad24e7480b803a38d09158f69d4e1d7be2550bc6c06c0fe8b05282cf5297eac8b9afc28d8835bb182a39d43627ec1c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyB398.tmp\nsJSON.dll

Filesize
23KB

MD5
f4d89d9a2a3e2f164aea3e93864905c9

SHA1
4d4e05ee5e4e77a0631a3dd064c171ba2e227d4a

SHA256
64b3efdf3de54e338d4db96b549a7bdb7237bb88a82a0a63aef570327a78a6fb

SHA512
dbda3fe7ca22c23d2d0f2a5d9d415a96112e2965081582c7a42c139a55c5d861a27f0bd919504de4f82c59cf7d1b97f95ed5a55e87d574635afdb7eb2d8cadf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyB398.tmp\style2.css

Filesize
976B

MD5
d715cc7668789acda252a6f9be7e84e6

SHA1
090fea1ab017f6ec77dfd495d193dcc00167384b

SHA256
5300260cec1b2a5298654789af97686c0a2c1f02894d2712b37b9219db9c7c1f

SHA512
c558ef096c04438431ecc51881f7d65f152ab5b999b09ffb32d4d78300c5ad08d9d0626b33e04db9925a5470079040982ab4adcef654a02868e2b6e049c7453e

Download Submit
\??\c:\program files (x86)\download studio\runtime-qt-5.15.10-wlib3.cab

Filesize
68.9MB

MD5
6efd8f078cd2a94b2627e85222432b9d

SHA1
fdf45acdf09de08dead8b5ad259ad4c160ff9963

SHA256
d905156c9ff57540e901d8bd994f028ab36b48c762a58ff6efc5bb8a59dfee76

SHA512
f7e10988afe8f0a97e4daacb01de69476ea32c60ee3771f68fe11e7e982a76965c631ce0020f170255870b15ddd7e31f5cbaab8afc0dee1809d21e4997eb0a9e

Download Submit
\Program Files (x86)\Download Studio\Qt5Core.dll

Filesize
5.3MB

MD5
8ab4b019dae957fb68ac0f98ebe55bd1

SHA1
3a1067a9463d5e848e45a51f7a2938afcbe4e7ce

SHA256
5d481e47c52fc19c3d299a5c2ef1cfada104c95e94ccf245b3369c5b1c629401

SHA512
70c0746aa0c95813f9b632933b0411ba3f7837d8e9942a6b2e9d5f4b13264f9e5de44da5e28c28f971050d5ffbc2bc0da8bfd447f9298f12d5594bd9cc96d82f

Download Submit
\Program Files (x86)\Download Studio\Qt5Gui.dll

Filesize
5.6MB

MD5
b22f7cc34f0f06287d46ff54a09c36d4

SHA1
dfcd297a36f7f6f30681583c1478370be2eb01ca

SHA256
a14bb5c9db72ee6a9c69084dfb45c0f48ee4d2087721515029d3ebdf71a8c47e

SHA512
3890566d982e7719c5917d9d737f7d6db1c3438a18a0f5f6e6f690d850a103a1e294af8350afb6ddb99642dc1ca69863905df0ed64ca8f988fa494ad637bf2e3

Download Submit
\Program Files (x86)\Download Studio\Qt5Network.dll

Filesize
1.0MB

MD5
afc2e1fcd751e37ecd564a8105a64c01

SHA1
934b5c6361253e84e89e603713583d0f3ee23e5d

SHA256
7485401e0318887fdb69f60ac2cb5a58b0703e5efcc382477c6f38fd052161f2

SHA512
29501848640e8c1e5400bfd52eaa04f3101d2e8d28681db79e14720869a5da65db0032ef1228eba15f645a0e943659fc6d6bd1b037d937363e1bd89e977db3d2

Download Submit
\Program Files (x86)\Download Studio\Qt5Positioning.dll

Filesize
266KB

MD5
8f4f9c9c1846248cdda9a6648039c617

SHA1
dd9aac21275940161d770b9ec001c87aa4d62bff

SHA256
f60fd07426ca029d7daf8e5d9a6fee0fa83e04fd923c0528322fe7a1a6a403f8

SHA512
391f8f0cc2a929be2a87be29dfb1f39509c9b04d4f19a778ef11a22e515212d7361b2cbf441e3e44b0482619dadee1d6727a0eb734909ff6c96016908709c17d

Download Submit
\Program Files (x86)\Download Studio\Qt5PrintSupport.dll

Filesize
256KB

MD5
c92d4e052e6a57e6fd8e934cc037f464

SHA1
ecaa9cbc61fb74d8916b1114debadd7495a5353c

SHA256
9cc39dd6e51643fc1741c1499a4c81213cc4d56ea26c1fe42ccf5ecefa4f32e4

SHA512
583919eb467a1390ec6a290038d83f1bec80d986258b983b70bdd5dccc184ecde4e44e58bb24aa47a80d892b246bcca4969b82cd1e9bc85592d076330c2bf458

Download Submit
\Program Files (x86)\Download Studio\Qt5Qml.dll

Filesize
2.9MB

MD5
29a58521fcbc1960e212773d5388225b

SHA1
9a49bc7c6ea1fe207d07b4f262ad1cb3df33ede6

SHA256
f797ca28938aa165a0df90f7a999baaee51c26166f42520fd93cae03b852e490

SHA512
b757fcb2e64e2138910ecf53406e632cbaa38b465da2451f84d301c8600312a540e95f1c82505b50c86d6ab8c7a8bfef3d83b5d741fbc871a456044e861b4965

Download Submit
\Program Files (x86)\Download Studio\Qt5QmlModels.dll

Filesize
340KB

MD5
aef413d1a6b2951b5a39c2538807601b

SHA1
5ab3b29358f5bc38ddee6663acb848e2636bc190

SHA256
8e6a1b32f4cefb13eef92dfe64dd9d998d823718baf8c48d5eb003ea98d76bff

SHA512
4b54fc12daaa83964853b210d3637d6331c52578b93f164903e86385514268d54c77a6d8721c2fd9cc149667d92f28a4148f95a4743a190af6b7ceba0be88f9e

Download Submit
\Program Files (x86)\Download Studio\Qt5Quick.dll

Filesize
3.4MB

MD5
4907ce0e363c8b461c72d5798d25edca

SHA1
01c2b1890087cceedca78c2e78665e013f5c8c4d

SHA256
a2a33ca9444dcc3b1effa97c94c9993425e4fb5a27e35f1aeb2103fa28c6cc68

SHA512
073da03406e92c96ff5597f81e4cc06ed92889680afc0ab94ee0024c848f5183fdf11357ac22629611a0f7e9b396448f887d4ad996ff6018eb4a27c45b4301d6

Download Submit
\Program Files (x86)\Download Studio\Qt5QuickWidgets.dll

Filesize
61KB

MD5
91727bd6144abd8e3d454b6c99904465

SHA1
fa01b3d2a3bfb20c66186e624b46cb8ab7ebf73d

SHA256
dc653c4057bdf6aa23249d2eeda36715689929391331a062b12faf1d5287214f

SHA512
922e939d6a455b97f368362fe3420808a5f1c8ca1a63b068e51edae1fcaeb2d65bd9604c5c83cc362c58faca1c7f869bcea373323503964b66e96a755be204b9

Download Submit
\Program Files (x86)\Download Studio\Qt5Sql.dll

Filesize
164KB

MD5
d1336a9e2a76b9145727297a6dec0960

SHA1
40f6e93721a37b61d5d6be8634b982c1faf08bd5

SHA256
31b6d0fa4d8b7c47d16709659e2059fd2f8e1afc05cdee85cdce24138fcd5e13

SHA512
47c4c340c051a8a2db49f9e5ddd8051632f57ef80d01e6acaad688f62846e9245f896a9cce41f7774750cf90d5f4b7e13241805a2588498aada8a3cf1dc8cdae

Download Submit
\Program Files (x86)\Download Studio\Qt5WebChannel.dll

Filesize
100KB

MD5
eb5aedb2cfb1c1e1021828115fa5da41

SHA1
4fcd786fd7d10c980d8aa6eafcb6eb954696dca5

SHA256
1631fcfa080519a376854dcfe3f497c013c936c784f6f45f9bbd65383f41d3ff

SHA512
ce3654bdaf537305d0464faebafaeba6c53bda8cebf1282988a872ab5d61559a13e5ec79ef6a26b2fa028c469963872027b7b28492beb7bf980fb28502e3f699

Download Submit
\Program Files (x86)\Download Studio\Qt5WebEngineCore.dll

Filesize
78.2MB

MD5
9f01c86677617b027ee5a104b953a5df

SHA1
16f9e8cd335dddbc70666fa9f658f01845b509c0

SHA256
446b87e13ff147183776e1898102071b842a7b43a20f25765f1de5034cffcb5d

SHA512
165d361268f8353fd703379682ba70225dd5012e9ffa1e4c7ded42e4c0f16d4866820f6eb8bccadd3ab8527cf4ddb6efb1b78f265a61c431455c290a750b423a

Download Submit
\Program Files (x86)\Download Studio\Qt5WebEngineWidgets.dll

Filesize
195KB

MD5
e6c5d0eadf2775d10c240f400fbd8bf9

SHA1
3f127b90acb1b1cf9d88689b93d661e91700a2bb

SHA256
39e84bd06019082056c09404ba9a11e7f8c1b91b99887d1cde081155c5dd9007

SHA512
972ddb4f9878977f79597f5d89e5c29015b6d7e1c70c3679e642fe7bd779cf28ce20785690c3775656092e785d140b8c81d8c644af6b0a680805b314192e1041

Download Submit
\Program Files (x86)\Download Studio\Qt5WebSockets.dll

Filesize
111KB

MD5
4f5acac152034012b5b31aa02858cddd

SHA1
eb1c4b1338bb53c2abdb806df34e057e790fbfa3

SHA256
cba6631fa02ee9e1c16170740541ac1386ebf0e53895c78d49a98369e85886d3

SHA512
71b516176dedfb70ee89815dd82909baa232289852e321b067674a0c838f4dee8df6fd4220b5c6f612ec5e5de02d04f165005eaf99cd57efb661498ea8636c09

Download Submit
\Program Files (x86)\Download Studio\Qt5Widgets.dll

Filesize
4.4MB

MD5
ef382699be92f9fb668f58cd44aba95a

SHA1
94016b0fbaa9252ef6b9e56617102b20e1a2c562

SHA256
c225037b4e34f7ff7f31e14a4825492d2cc10d28e5be2373417bf3fd89aadd2d

SHA512
993ee327d78f0ab35b524d061aa30c55c0b1604a5c49d345885d47f7daf77b030446a5038a6a300aac1f2774271364a13c6e09c9d0441da31e1cd76acc893a69

Download Submit
\Program Files (x86)\Download Studio\dstudio-gui.exe

Filesize
943KB

MD5
8de6d337e002856ae5f35ebaa583e6ee

SHA1
243d3f67d0cbbbf7a7abea94f1b3aaeb2d88cf74

SHA256
b4fe5f47fb8c7e11c3e0ad5d5df6be3d6901128575162df617bbea68f8470cff

SHA512
b0a246390aa09f42b86305f84e175649a2254a4f66560f2f53f425d936dfadbfb60aa9e48438811daf304f1edab9ec03ff62f2c56d32aded59436e64096c5781

Download Submit
\Program Files (x86)\Download Studio\libnatpmp.dll

Filesize
13KB

MD5
5ad8494d6121eda5308398a88d958d68

SHA1
36b3c3b9b11283fa6a91df3a259554f8bb610c42

SHA256
f29c34baefad270b7fa663b49b14e5ae714fd0f02c95cdb1eb04849c606c004a

SHA512
8ae74a0ce30dcfdbdf1159127ea2908513b2b7c783c44de791a618bdeb7f552a6c6bc65827c19800e8920503fb80dd027ec9c47cc99846080cac8d1473e84ba5

Download Submit
\Program Files (x86)\Download Studio\miniupnpc.dll

Filesize
49KB

MD5
4a065453e93067e8b715f235d3b17181

SHA1
36c06cd6ae96735328057b97496d62c362ae75db

SHA256
1c31f0cde2a50b24d7b8364c5d12400dcc54d350e1296f7a3379d87a2fa397bb

SHA512
775528f2bbe95d178b20fa67c26c4732994a247b59afacf40b3ddcb482436d35997a269aa7294305f612607c601314b7d8bcf1447c978c784ec40a7951c55d52

Download Submit
\Program Files (x86)\Download Studio\msvcp140.dll

Filesize
437KB

MD5
dc739066c9d0ca961cba2f320cade28e

SHA1
81ed5f7861e748b90c7ae2d18da80d1409d1fa05

SHA256
74e9268a68118bb1ac5154f8f327887715960ccc37ba9dabbe31ecd82dcbaa55

SHA512
4eb181984d989156b8703fd8bb8963d7a5a3b7f981fe747c6992993b7a1395a21f45dbedf08c1483d523e772bdf41330753e1771243b53da36d2539c01171cf1

Download Submit
\Program Files (x86)\Download Studio\msvcp140_1.dll

Filesize
32KB

MD5
ca41f812e04bf186926c8e312ed86990

SHA1
06ad85c589487bb6a172c41164e404c152f58c1b

SHA256
037da271a83151debaa648a35cf5ce9ee9b8fedaa7e437bee1b44ece54ad9933

SHA512
796e43a7057ef7e0fc6863c221e43cec4e14c019e5ea2526ce4683f29702c25e7f478b1f27af59b21302de0e466483d1b846409f1e976d04c687f84b2c2ddabd

Download Submit
\Program Files (x86)\Download Studio\vcruntime140.dll

Filesize
88KB

MD5
1d4ff3cf64ab08c66ae9a4013c89a3ac

SHA1
f9ee15d0e9b0b7e04ff4c8a5de5afcffe8b2527b

SHA256
65f620bc588d95fe2ed236d1602e49f89077b434c83102549eed137c7fdc7220

SHA512
65fbd68843280e933620c470e524fba993ab4c48ede4bc0917b4ebe25da0408d02daec3f5afcd44a3ff8aba676d2eff2dda3f354029d27932ef39c9fdea51c26

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2307201637287422900.dll

Filesize
4.5MB

MD5
d457c7babc8cb0909303e5a46e70eeb2

SHA1
912fb82d1e6b7489b8b41e1f80f4a991fe9db2a8

SHA256
1f4a482f829847a57e663101cda02443aead44b1eab9fdc3f1da6b3015643160

SHA512
6a335fffb02fe06fc4ecf81d091e5ea9c10225427cb4ca70da5fadba17c2223507afd6de9b6b073c4ad05c0554d42a02e4b9980f20bd01e17328c46847275e8d

Download Submit
\Users\Admin\AppData\Local\Temp\nsyB398.tmp\360TS_Setup_Mini_WW_dstudio_CPI202206_6.6.0.1054.exe

Filesize
1.5MB

MD5
f435dc3dabb1b510b64fb19340b71d77

SHA1
65767a3aee14af9eaa1d0e6a33ec91c957b6fc9a

SHA256
263637f23549819ee4f5ae31188f923d7ff2a768ffb5b6463fcc33a9a638d92e

SHA512
332580416543333211c6c34ca1eae5dbcb6d5f5c339d559c2f67ab04aaeb8461ae69d8b3f781225048e151c21721b9b4ee0fafb432997085ffd6142b1a2a349f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyB398.tmp\INetC.dll

Filesize
25KB

MD5
3bcb32a09d868557568f3e3f2148d371

SHA1
c0290c84140b7d6400e5ad73074057c2b1bb3000

SHA256
dab0cb7767e3b764e1e2a67fd19b57f3c8c79c91f9c0c0b4af6853e297d41e5e

SHA512
e8c4b3e14e0a8a12581934d6306b56bead056975413a585024d15028ab76bed8bae952a801ee70f8db7994f446f0dba183f14556957bda6bee58153fbc4190d2

Download Submit
\Users\Admin\AppData\Local\Temp\nsyB398.tmp\INetC.dll

Filesize
25KB

MD5
3bcb32a09d868557568f3e3f2148d371

SHA1
c0290c84140b7d6400e5ad73074057c2b1bb3000

SHA256
dab0cb7767e3b764e1e2a67fd19b57f3c8c79c91f9c0c0b4af6853e297d41e5e

SHA512
e8c4b3e14e0a8a12581934d6306b56bead056975413a585024d15028ab76bed8bae952a801ee70f8db7994f446f0dba183f14556957bda6bee58153fbc4190d2

Download Submit
\Users\Admin\AppData\Local\Temp\nsyB398.tmp\INetC.dll

Filesize
25KB

MD5
3bcb32a09d868557568f3e3f2148d371

SHA1
c0290c84140b7d6400e5ad73074057c2b1bb3000

SHA256
dab0cb7767e3b764e1e2a67fd19b57f3c8c79c91f9c0c0b4af6853e297d41e5e

SHA512
e8c4b3e14e0a8a12581934d6306b56bead056975413a585024d15028ab76bed8bae952a801ee70f8db7994f446f0dba183f14556957bda6bee58153fbc4190d2

Download Submit
\Users\Admin\AppData\Local\Temp\nsyB398.tmp\INetC.dll

Filesize
25KB

MD5
3bcb32a09d868557568f3e3f2148d371

SHA1
c0290c84140b7d6400e5ad73074057c2b1bb3000

SHA256
dab0cb7767e3b764e1e2a67fd19b57f3c8c79c91f9c0c0b4af6853e297d41e5e

SHA512
e8c4b3e14e0a8a12581934d6306b56bead056975413a585024d15028ab76bed8bae952a801ee70f8db7994f446f0dba183f14556957bda6bee58153fbc4190d2

Download Submit
\Users\Admin\AppData\Local\Temp\nsyB398.tmp\INetC.dll

Filesize
25KB

MD5
3bcb32a09d868557568f3e3f2148d371

SHA1
c0290c84140b7d6400e5ad73074057c2b1bb3000

SHA256
dab0cb7767e3b764e1e2a67fd19b57f3c8c79c91f9c0c0b4af6853e297d41e5e

SHA512
e8c4b3e14e0a8a12581934d6306b56bead056975413a585024d15028ab76bed8bae952a801ee70f8db7994f446f0dba183f14556957bda6bee58153fbc4190d2

Download Submit
\Users\Admin\AppData\Local\Temp\nsyB398.tmp\INetC.dll

Filesize
25KB

MD5
3bcb32a09d868557568f3e3f2148d371

SHA1
c0290c84140b7d6400e5ad73074057c2b1bb3000

SHA256
dab0cb7767e3b764e1e2a67fd19b57f3c8c79c91f9c0c0b4af6853e297d41e5e

SHA512
e8c4b3e14e0a8a12581934d6306b56bead056975413a585024d15028ab76bed8bae952a801ee70f8db7994f446f0dba183f14556957bda6bee58153fbc4190d2

Download Submit
\Users\Admin\AppData\Local\Temp\nsyB398.tmp\Opera_installer_2307201637359802900.dll

Filesize
4.5MB

MD5
d457c7babc8cb0909303e5a46e70eeb2

SHA1
912fb82d1e6b7489b8b41e1f80f4a991fe9db2a8

SHA256
1f4a482f829847a57e663101cda02443aead44b1eab9fdc3f1da6b3015643160

SHA512
6a335fffb02fe06fc4ecf81d091e5ea9c10225427cb4ca70da5fadba17c2223507afd6de9b6b073c4ad05c0554d42a02e4b9980f20bd01e17328c46847275e8d

Download Submit
\Users\Admin\AppData\Local\Temp\nsyB398.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsyB398.tmp\System.dll

Filesize
12KB

MD5
3e5dbc37b5790b6a1137f0441afc93b0

SHA1
1a6e3344004f130bbd7cf19e719b9ad066f4f032

SHA256
6979a3766120389868145d5dcf1310b084a15046b389273fde7ede870e213ca0

SHA512
c0a8eaed8d9d9e3ce438446aa2a3c30fc46d006c412fe5e7cb180e839172d514f0f92bd77582e33ff6189bcba0777f800e3eb7d39019e7fefde8d016abd8565f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyB398.tmp\UAC.dll

Filesize
18KB

MD5
113c5f02686d865bc9e8332350274fd1

SHA1
4fa4414666f8091e327adb4d81a98a0d6e2e254a

SHA256
0d21041a1b5cd9f9968fc1d457c78a802c9c5a23f375327e833501b65bcd095d

SHA512
e190d1ee50c0b2446b14f0d9994a0ce58f5dbd2aa5d579f11b3a342da1d4abf0f833a0415d3817636b237930f314be54e4c85b4db4a9b4a3e532980ea9c91284

Download Submit
\Users\Admin\AppData\Local\Temp\nsyB398.tmp\UAC.dll

Filesize
18KB

MD5
113c5f02686d865bc9e8332350274fd1

SHA1
4fa4414666f8091e327adb4d81a98a0d6e2e254a

SHA256
0d21041a1b5cd9f9968fc1d457c78a802c9c5a23f375327e833501b65bcd095d

SHA512
e190d1ee50c0b2446b14f0d9994a0ce58f5dbd2aa5d579f11b3a342da1d4abf0f833a0415d3817636b237930f314be54e4c85b4db4a9b4a3e532980ea9c91284

Download Submit
\Users\Admin\AppData\Local\Temp\nsyB398.tmp\WebBrowser.dll

Filesize
89KB

MD5
41a61bca2a2fbb8a6d21f4d0e8b4a8ec

SHA1
7dde6859a8012af118fc525a4858365ea4b843e3

SHA256
704630dd4a7d7fa06ec0a763f09595261fbc958a596574d8e55bdb2d1f1292f3

SHA512
989825c697817f8a89e3cc2bff21d81cb8c4900061efacbd9544689edb36c2990adb61b28215939df85d60906925aa22f8e73584e72c363417d3bc5454629c17

Download Submit
\Users\Admin\AppData\Local\Temp\nsyB398.tmp\dist_opera.exe

Filesize
2.7MB

MD5
6e0ef3b9910c992e3873411e9981d3b4

SHA1
16a34195478103e45a2480be1766cb432891d371

SHA256
0004331b5681b769781fa22b86539ce87e37975c587acb55bf59bad2738e539e

SHA512
dd7f76c3ca221a13ad69758acc8d1a1d5f50402701357fc04c9e8c7c9a5a25a9823240a942b90ba5531350ad6dd771323167fb3c8cf3504700b496e84c8673d1

Download Submit
\Users\Admin\AppData\Local\Temp\nsyB398.tmp\nsDialogs.dll

Filesize
9KB

MD5
5bfdc8fb2d2bc96d3c6ad3fa5001fb60

SHA1
3ef791e834af931221d1f52f557d79dad2731763

SHA256
56db8561e64c05a5e1978a4320084b239f8c288183a07f674863f6187ae7ffdb

SHA512
b3ca9ecfe1591a3bbf95d703918c3770dad24e7480b803a38d09158f69d4e1d7be2550bc6c06c0fe8b05282cf5297eac8b9afc28d8835bb182a39d43627ec1c4

Download Submit
\Users\Admin\AppData\Local\Temp\nsyB398.tmp\nsJSON.dll

Filesize
23KB

MD5
f4d89d9a2a3e2f164aea3e93864905c9

SHA1
4d4e05ee5e4e77a0631a3dd064c171ba2e227d4a

SHA256
64b3efdf3de54e338d4db96b549a7bdb7237bb88a82a0a63aef570327a78a6fb

SHA512
dbda3fe7ca22c23d2d0f2a5d9d415a96112e2965081582c7a42c139a55c5d861a27f0bd919504de4f82c59cf7d1b97f95ed5a55e87d574635afdb7eb2d8cadf2

Download Submit
\Users\Admin\AppData\Local\Temp\{0FD85E11-3275-47a9-9C98-468407790FA6}.tmp\360P2SP.dll

Filesize
824KB

MD5
fc1796add9491ee757e74e65cedd6ae7

SHA1
603e87ab8cb45f62ecc7a9ef52d5dedd261ea812

SHA256
bf1b96f5b56be51e24d6314bc7ec25f1bdba2435f4dfc5be87de164fe5de9e60

SHA512
8fa2e4ff5cbc05034051261c778fec1f998ceb2d5e8dea16b26b91056a989fdc58f33767687b393f32a5aff7c2b8d6df300b386f608abd0ad193068aa9251e0d

Download Submit
memory/540-833-0x00000000004A0000-0x00000000004AA000-memory.dmp

Filesize
40KB

Download
memory/540-878-0x0000000007110000-0x0000000007649000-memory.dmp

Filesize
5.2MB

Download
memory/540-830-0x0000000000340000-0x0000000000350000-memory.dmp

Filesize
64KB

Download
memory/540-840-0x00000000004A0000-0x00000000004AA000-memory.dmp

Filesize
40KB

Download
memory/540-1839-0x0000000007110000-0x0000000007649000-memory.dmp

Filesize
5.2MB

Download
memory/540-832-0x00000000004A0000-0x00000000004AA000-memory.dmp

Filesize
40KB

Download
memory/540-1832-0x0000000007110000-0x0000000007649000-memory.dmp

Filesize
5.2MB

Download
memory/540-841-0x00000000004A0000-0x00000000004AA000-memory.dmp

Filesize
40KB

Download
memory/540-875-0x0000000007110000-0x0000000007649000-memory.dmp

Filesize
5.2MB

Download
memory/1692-834-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1748-978-0x0000000000760000-0x0000000000761000-memory.dmp

Filesize
4KB

Download
memory/2212-366-0x0000000005B10000-0x000000000603B000-memory.dmp

Filesize
5.2MB

Download
memory/2212-226-0x0000000005B10000-0x000000000603B000-memory.dmp

Filesize
5.2MB

Download
memory/2212-731-0x00000000047A0000-0x00000000047A2000-memory.dmp

Filesize
8KB

Download
memory/2272-885-0x00000000012B0000-0x00000000017E9000-memory.dmp

Filesize
5.2MB

Download
memory/2272-1844-0x00000000012B0000-0x00000000017E9000-memory.dmp

Filesize
5.2MB

Download
memory/2448-849-0x0000000000970000-0x0000000000971000-memory.dmp

Filesize
4KB

Download
memory/2900-230-0x0000000000010000-0x000000000053B000-memory.dmp

Filesize
5.2MB

Download
memory/2900-831-0x0000000000010000-0x000000000053B000-memory.dmp

Filesize
5.2MB

Download
memory/3008-291-0x00000000028F0000-0x00000000028F1000-memory.dmp

Filesize
4KB

Download