d45fd0cfb8f27e48cf7e702363a12dab3485a70fc551f24468d420f3a72bd072

Analysis

max time kernel
150s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2023 14:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

360驱动大师纯净版-2.0.0.1950-绿色单文件.exe
Size

8.8MB
MD5

ba07e3a87cf53d52b992c4145afbecd5
SHA1

555b0f2f552b1e57a11198483abc8e47f1cc4b31
SHA256

d45fd0cfb8f27e48cf7e702363a12dab3485a70fc551f24468d420f3a72bd072
SHA512

b57e1e1165abf7c2298320c0b781c4574d7a8e13f045fbca33d4523972c588d0135b51f06710df62a2e2e38808f499db19736c78735c5c2aac1e9e1c81b81691
SSDEEP

196608:MgcoZEKyKmEq7ShDAo7FJCo+mIGasCZleUxxYBVG1ZsR1hjPqzCEQ9lJjFJH9fY:MgTZEKy/Eq6x7SoDaeMuVfR1hTfJH9g

Score

7^/10

bootkit persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4640	360DrvMgr.exe
2572	ComputerZService.exe

Loads dropped DLL 9 IoCs

pid	Process
4640	360DrvMgr.exe
4640	360DrvMgr.exe
4640	360DrvMgr.exe
4640	360DrvMgr.exe
4640	360DrvMgr.exe
4640	360DrvMgr.exe
4640	360DrvMgr.exe
4640	360DrvMgr.exe
2572	ComputerZService.exe

Enumerates connected drives 3 TTPs 25 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	ComputerZService.exe
File opened (read-only)	\??\N:	ComputerZService.exe
File opened (read-only)	\??\Z:	ComputerZService.exe
File opened (read-only)	\??\W:	ComputerZService.exe
File opened (read-only)	\??\F:	360DrvMgr.exe
File opened (read-only)	\??\E:	ComputerZService.exe
File opened (read-only)	\??\I:	ComputerZService.exe
File opened (read-only)	\??\K:	ComputerZService.exe
File opened (read-only)	\??\M:	ComputerZService.exe
File opened (read-only)	\??\O:	ComputerZService.exe
File opened (read-only)	\??\P:	ComputerZService.exe
File opened (read-only)	\??\Q:	ComputerZService.exe
File opened (read-only)	\??\F:	ComputerZService.exe
File opened (read-only)	\??\A:	ComputerZService.exe
File opened (read-only)	\??\G:	ComputerZService.exe
File opened (read-only)	\??\T:	ComputerZService.exe
File opened (read-only)	\??\X:	ComputerZService.exe
File opened (read-only)	\??\Y:	ComputerZService.exe
File opened (read-only)	\??\R:	ComputerZService.exe
File opened (read-only)	\??\S:	ComputerZService.exe
File opened (read-only)	\??\U:	ComputerZService.exe
File opened (read-only)	\??\V:	ComputerZService.exe
File opened (read-only)	\??\B:	ComputerZService.exe
File opened (read-only)	\??\H:	ComputerZService.exe
File opened (read-only)	\??\L:	ComputerZService.exe

Writes to the Master Boot Record (MBR) 1 TTPs 3 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PHYSICALDRIVE0	360DrvMgr.exe
File opened for modification	\??\PhysicalDrive0	360DrvMgr.exe
File opened for modification	\??\PhysicalDrive0	ComputerZService.exe

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\INF\c_volume.PNF	ComputerZService.exe
File created	C:\Windows\INF\c_processor.PNF	ComputerZService.exe
File created	C:\Windows\INF\c_media.PNF	ComputerZService.exe
File created	C:\Windows\INF\c_display.PNF	ComputerZService.exe
File created	C:\Windows\INF\c_monitor.PNF	ComputerZService.exe
File created	C:\Windows\INF\c_diskdrive.PNF	ComputerZService.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE	360DrvMgr.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE\360DrvMgr.exe = "8000"	360DrvMgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	360DrvMgr.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\360DrvMgr.exe = "8000"	360DrvMgr.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	360DrvMgr.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	360DrvMgr.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	360DrvMgr.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	360DrvMgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	ComputerZService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	ComputerZService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	ComputerZService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	360DrvMgr.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4640	360DrvMgr.exe
4640	360DrvMgr.exe
2572	ComputerZService.exe
2572	ComputerZService.exe
2572	ComputerZService.exe
2572	ComputerZService.exe
2572	ComputerZService.exe
2572	ComputerZService.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
660	Process not Found
660	Process not Found

Suspicious use of AdjustPrivilegeToken 40 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	2572	ComputerZService.exe
Token: SeIncBasePriorityPrivilege	2572	ComputerZService.exe
Token: 33	2572	ComputerZService.exe
Token: SeIncBasePriorityPrivilege	2572	ComputerZService.exe
Token: 33	2572	ComputerZService.exe
Token: SeIncBasePriorityPrivilege	2572	ComputerZService.exe
Token: 33	2572	ComputerZService.exe
Token: SeIncBasePriorityPrivilege	2572	ComputerZService.exe
Token: 33	2572	ComputerZService.exe
Token: SeIncBasePriorityPrivilege	2572	ComputerZService.exe
Token: 33	2572	ComputerZService.exe
Token: SeIncBasePriorityPrivilege	2572	ComputerZService.exe
Token: 33	2572	ComputerZService.exe
Token: SeIncBasePriorityPrivilege	2572	ComputerZService.exe
Token: 33	2572	ComputerZService.exe
Token: SeIncBasePriorityPrivilege	2572	ComputerZService.exe
Token: 33	2572	ComputerZService.exe
Token: SeIncBasePriorityPrivilege	2572	ComputerZService.exe
Token: 33	2572	ComputerZService.exe
Token: SeIncBasePriorityPrivilege	2572	ComputerZService.exe
Token: 33	2572	ComputerZService.exe
Token: SeIncBasePriorityPrivilege	2572	ComputerZService.exe
Token: 33	2572	ComputerZService.exe
Token: SeIncBasePriorityPrivilege	2572	ComputerZService.exe
Token: 33	2572	ComputerZService.exe
Token: SeIncBasePriorityPrivilege	2572	ComputerZService.exe
Token: 33	2572	ComputerZService.exe
Token: SeIncBasePriorityPrivilege	2572	ComputerZService.exe
Token: 33	2572	ComputerZService.exe
Token: SeIncBasePriorityPrivilege	2572	ComputerZService.exe
Token: 33	2572	ComputerZService.exe
Token: SeIncBasePriorityPrivilege	2572	ComputerZService.exe
Token: 33	2572	ComputerZService.exe
Token: SeIncBasePriorityPrivilege	2572	ComputerZService.exe
Token: 33	2572	ComputerZService.exe
Token: SeIncBasePriorityPrivilege	2572	ComputerZService.exe
Token: 33	2572	ComputerZService.exe
Token: SeIncBasePriorityPrivilege	2572	ComputerZService.exe
Token: 33	2572	ComputerZService.exe
Token: SeIncBasePriorityPrivilege	2572	ComputerZService.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4640	360DrvMgr.exe
4640	360DrvMgr.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 3936	2908	360驱动大师纯净版-2.0.0.1950-绿色单文件.exe	86
PID 2908 wrote to memory of 3936	2908	360驱动大师纯净版-2.0.0.1950-绿色单文件.exe	86
PID 2908 wrote to memory of 3936	2908	360驱动大师纯净版-2.0.0.1950-绿色单文件.exe	86
PID 3936 wrote to memory of 4640	3936	360驱动大师纯净版-2.0.0.1950-绿色单文件.exe	87
PID 3936 wrote to memory of 4640	3936	360驱动大师纯净版-2.0.0.1950-绿色单文件.exe	87
PID 3936 wrote to memory of 4640	3936	360驱动大师纯净版-2.0.0.1950-绿色单文件.exe	87
PID 4640 wrote to memory of 2572	4640	360DrvMgr.exe	99
PID 4640 wrote to memory of 2572	4640	360DrvMgr.exe	99
PID 4640 wrote to memory of 2572	4640	360DrvMgr.exe	99

C:\Users\Admin\AppData\Local\Temp\360驱动大师纯净版-2.0.0.1950-绿色单文件.exe
"C:\Users\Admin\AppData\Local\Temp\360驱动大师纯净版-2.0.0.1950-绿色单文件.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Users\Admin\AppData\Local\Temp\360驱动大师纯净版-2.0.0.1950-绿色单文件.exe
  "C:\Users\Admin\AppData\Local\Temp\360驱动大师纯净版-2.0.0.1950-绿色单文件.exe" -sfxwaitall:0 "C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360DrvMgr.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3936
- - C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360DrvMgr.exe
    "C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360DrvMgr.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - Writes to the Master Boot Record (MBR)
    - Modifies Internet Explorer settings
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZService.exe
      "C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZService.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Enumerates connected drives
      Writes to the Master Boot Record (MBR)
      Drops file in Windows directory
      Modifies system certificate store
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5

Filesize
471B

MD5
1de8250ee142210e8c8f01e9cba82bff

SHA1
3b72a65f4a727fa564a617a8be77229f786cf310

SHA256
2e3a7fa827d023f4edd917154b2704bbdc89d98677875bf52fa4171338f83906

SHA512
920b381ecffadc5aec36dfd7bbbb24175692354344a32845caaa617f912b8198ca63d57ff2bed54e26bf7216553f91bd06d857ef13e410c002f2d6d637815c1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_B94B0F2F07332C3F5B6A37DB89E3F3B7

Filesize
471B

MD5
d12eb7e1e7e9c642959ea91a2be86085

SHA1
05da2b9f2fb7ea33293c91a431586f59d2f9b8a0

SHA256
b1de9ea1d8c3a8221b3bdef15332d605d3852e04533edadd54c270f1fb23f9c7

SHA512
96b8809b0c336ed97ee8e8ad59f6964fd9d52ef75a337f4421ad0e7a9d2a25451e09b24162b784f6d4f459a8236454f1a567ed21794ea4d9c03dcdb48517b2ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5

Filesize
404B

MD5
b8697b14fed97facb2d976500b3c8b20

SHA1
d29561aae2b12e211a36764b3d9b6784a49c1caf

SHA256
a42a7ec31964e62b60eafeb5d65451ff7e6126c857c2727145f8f206db98668a

SHA512
2d73aebd53377518b211aaffbf2c8dbfddb60ba706f249347e4906dacc8f18fcfe4a25185b7650b9e8f1b9bd3ffd69bdca3c92cbd567cd8863b839a2121545bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_B94B0F2F07332C3F5B6A37DB89E3F3B7

Filesize
404B

MD5
426ca91306c09a7ac293fed4aca55f05

SHA1
64ccd57ae4b82f03b8b4f409c730e87d5676d546

SHA256
108279e9f27b6070ea5e56d3b1078e8019bbd524f0683653daf93997ac173563

SHA512
8058fbb8c16d28229aabcc066e6432abd399f526aae09d69a288a7a16c3686dc513e3a9206d411fdfdc1f1d1e0bf0e65e2ad0420f3785c422869cd931ab4b51e

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360Base.dll

Filesize
900KB

MD5
a73cf0457df35fab74ef3393d2766667

SHA1
c123e15967e7ab980eba5431a6993e646500befd

SHA256
df411ebc1b4a652a3822de0cebd5a48151abb3dd99c8c3d15f858401b27243fd

SHA512
faee2c8c3caf31ee2cceefadff4c442ef3aaed36fabf61a4217e1ba13b315808f09b575b5789ef7cc342cb16219afb4a1c4e7f7686ea8d079c9d7dd9ee782b90

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360Base.dll

Filesize
900KB

MD5
a73cf0457df35fab74ef3393d2766667

SHA1
c123e15967e7ab980eba5431a6993e646500befd

SHA256
df411ebc1b4a652a3822de0cebd5a48151abb3dd99c8c3d15f858401b27243fd

SHA512
faee2c8c3caf31ee2cceefadff4c442ef3aaed36fabf61a4217e1ba13b315808f09b575b5789ef7cc342cb16219afb4a1c4e7f7686ea8d079c9d7dd9ee782b90

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360DrvMgr.exe

Filesize
1.4MB

MD5
b90bb3316792472665b0e3b5eb3b00e9

SHA1
e4d014496d3fd2e8781715090660c03361e46da9

SHA256
ce4e49e9c303f78b6bf6128806b90960ab1a854d49ef5ca92a1b06a6a1c720bf

SHA512
6e950be9d434aa8a76d56d86daf0b51182e01b1c525a1f9b6269f669e7f9e1d2359882c0ccff935884fa1ed19c6b13a6f9e1fa89522f47510017535b64ab8be2

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360DrvMgr.exe

Filesize
1.4MB

MD5
b90bb3316792472665b0e3b5eb3b00e9

SHA1
e4d014496d3fd2e8781715090660c03361e46da9

SHA256
ce4e49e9c303f78b6bf6128806b90960ab1a854d49ef5ca92a1b06a6a1c720bf

SHA512
6e950be9d434aa8a76d56d86daf0b51182e01b1c525a1f9b6269f669e7f9e1d2359882c0ccff935884fa1ed19c6b13a6f9e1fa89522f47510017535b64ab8be2

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360LibDrvmgr.dat

Filesize
5KB

MD5
558127b5baa12ee8af3bfaee9abe2579

SHA1
3168b01e5261bd1d233ae6689851d4bd11969f77

SHA256
fbd649e49ebea36794d40716314bd4121b0f1ee5c0ec75f7c325345633f0a03d

SHA512
d11a0eea7d2a9d85e38216e45fc4a4c8b77119b509365749bf9b57e8d238c1469096032ec4d4f133076a9b7414fe31339cbd93338766329a3160de7d272bb4fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360NetBase.dll

Filesize
1.4MB

MD5
14c6b4bbd31f6fd13530bc941cc71d1a

SHA1
ce4e38ac82a54f64d318507ddc28f9ffbb378f0f

SHA256
401d8529a84f1d80a439be8cd4e869202162458e5afb5e5bac97c4859bfe8eb5

SHA512
c16d525f1d3fc098b4d6c8b8a872a9013ef2f945f27af73ed7826f61a2b80d756ae5348105432909eccc71f03834cd1301f87fa5a0107e0c7137f5c8e3a3cc95

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360NetBase.dll

Filesize
1.4MB

MD5
14c6b4bbd31f6fd13530bc941cc71d1a

SHA1
ce4e38ac82a54f64d318507ddc28f9ffbb378f0f

SHA256
401d8529a84f1d80a439be8cd4e869202162458e5afb5e5bac97c4859bfe8eb5

SHA512
c16d525f1d3fc098b4d6c8b8a872a9013ef2f945f27af73ed7826f61a2b80d756ae5348105432909eccc71f03834cd1301f87fa5a0107e0c7137f5c8e3a3cc95

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360NetUL.dll

Filesize
241KB

MD5
240e9b9b2b3f2a134070b7d5084278d3

SHA1
a39ce3213f364ec8435833afa36619e6d6fd24b0

SHA256
003e2f8225ae4bfe3487dea759c6e44176fb96ff89fb162904c7c923e9c78720

SHA512
2cdd9cd946b4a6df110f22197290090c1b4b734c9b9120e6403866342b17c50cd8a71d566ff0f284a03b5202af9f06248de71da1314486dbed58a64225cf5745

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360P2SP.dll

Filesize
689KB

MD5
75ae5114927b0200ea73e016211ae572

SHA1
15ae658c082afcab51ade61b8ed6699a978b5e05

SHA256
8e38aeb187edd59329007fe10d2b509e5566256e993a127902d57bac66b17346

SHA512
ae65e304fc669b98c5d137c4e7cba591e075b9d1b588af1d7eea2458776c29b2a2ccd06ea37aeb89d0cd0ebcb155aec7a6a0a842da4ac36f9b512049967e59fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\360net.dll

Filesize
477KB

MD5
2bca9e782840c8214dbc3ef6ee64404c

SHA1
9144db795c7b092ac55a5b59c0eb569e3432cfec

SHA256
1320ce2bf517978d3c65cf9cb8390318f3ea1896ef10a66b53a1832792341c62

SHA512
87188cdd4d581c9b20bb36451f0376837bfe5489b685dc28a902af441f0681ff89922138d1a160f4d926189b2ae491a7fb7158c60596116f9f09e6c9516d5c6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\7za.dll

Filesize
777KB

MD5
34f4329522a2b16d1bc9ad4ab58d9fc1

SHA1
04ec3c21a59a15a85b29bead3733f0ceccce8680

SHA256
fc07200668d45a640bbd5f6997851e31a20941fcb661f8e09469899becebdf8a

SHA512
ab8efc3dee9319401634dc3d8e6fe8282dc14a6058cf923af2d69656e58ed3724cfd5d466801fcf0bf53510f5b3197986972240693e4b1bbdcc9ae562ae0eb6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ.set

Filesize
44B

MD5
d737485ead4da4a05c35bf206bfdc494

SHA1
fbc47e5e4454346ea9f9e1e5f18e2c2c270e7b65

SHA256
e7d5fa13b9e2ae03f58e80ba5290ed8412f520e6b03f9dd2e36b373c993c92a9

SHA512
1827215cef9059bedd02f8237702db026ce3688a4c1d0e00f2a571947d0840c9907bedc3f5cd79d2a23add62d18ae10680273d02519a6f1fc4ff88970099a9e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ.set

Filesize
59B

MD5
0546cc905147742c3e999f66a1929174

SHA1
5d200aff3073cd430ea4913afc14264c381fbe72

SHA256
9d74c747cc335cfae01692cc13d53c2f3ff6d944a27b7d5cf581543ec2fa1ea4

SHA512
229f4ff3e3e5adfd32b3253bef9d07d8d319f5a3833d26248a90abcd264defe76541f76f972532d0884a4b47cd97e3f251650abb95eb016c88776e5da19848b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ.set

Filesize
139B

MD5
aa6981cec0d02685c70c24f8b47bb016

SHA1
6b66a664a5e6b49ee565e591ee5e99818cf74d75

SHA256
e5212675b950bc7e6fbfd06a26babf512075e9b3af7a8270005ca983a7cbac49

SHA512
ac07d2ab5208ee05921f8d59622567b4b592cbcb5e91b8028d347028cc737be365f60b56a091dad7d409ee879536fb8cc8d4e18b13a159368449568c383ad570

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ.set

Filesize
151B

MD5
9ef064c23741c87119d1586cd82eed94

SHA1
151dec7e6283450a046dea63f35a8b9f9ffc90e8

SHA256
58df96ccfd690a9678baa3520a662ca94bb1c64aedd7a2cd50ae47c0021049c0

SHA512
60e1f712543a83e8e4cd375d02d63d35d9aac41654c91fe63890163d96877ca79c0776cacffdefe929f6e8993bb3a4564db29e6f7a34699e68e5619bed969f48

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ1.dll

Filesize
1.1MB

MD5
6dbf812d5b61f30a21ddccaec30b4452

SHA1
4778e2d043ac593193e5e15056bb98bba564c246

SHA256
197c529acff08fbc13b11010d95c270e50ddd867f783cfec598c5f831f847033

SHA512
7b9506902c1d0a6b8b74e068be87a7d4fec8a96b3d1b05d06d533d4ef995abc7e2ce24a8d37e38b19b62ad5b316e10831c220df44360a15a6b89e18767bea699

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ2.dll

Filesize
229KB

MD5
a75f38215a115f9260b58cdd935d7d81

SHA1
dbb7d9d7e69cd5f2f4cda49bebc0fd922316a866

SHA256
102459b35d0b36f915b2cafc2e083d95f4e042815c732a2520dfb646efae4cd1

SHA512
3eeacb82ed9e61d9dc8fec13c2f87fd07b90a5052dd1a3482ee4cdb5122db77587078e7966bf72d73b776973bac09f53f37081f4af0828f1a914c0cd31d03ce9

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ5.dll

Filesize
197KB

MD5
d8308aa7cc08c3a56c9187029db56702

SHA1
f8a1b97e321660d814d4d01f03911f6da0caed9d

SHA256
850bb1419ab0c93d524284a6c9c15db69a1e5328e9f84f06bb27ba5efb8a65b8

SHA512
0a6c757b3e5cfaf2de92e4f402dc97306a551244501d97a099ac2a586c7501f087fe7c82c8a81e95b4fea851a0690733c116345360b5dbeb343966fdbda08baa

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZService.exe

Filesize
2.1MB

MD5
4cc0dca3267469362678cf23133937e2

SHA1
69fc84e97da121602a93a81817f2aa9528790498

SHA256
48428b09f1900c7aa4b3e74661325e9ff93963d32b202fd0e60deca8a672772f

SHA512
186a2e868ddeef7556752d6b6a400b4a650788290279b9c20591a71918e0718ff6792260e3d689473c0fddd63b1f1d12bd666d7f391ca11364df179eaa0cb01c

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZService.exe

Filesize
2.1MB

MD5
4cc0dca3267469362678cf23133937e2

SHA1
69fc84e97da121602a93a81817f2aa9528790498

SHA256
48428b09f1900c7aa4b3e74661325e9ff93963d32b202fd0e60deca8a672772f

SHA512
186a2e868ddeef7556752d6b6a400b4a650788290279b9c20591a71918e0718ff6792260e3d689473c0fddd63b1f1d12bd666d7f391ca11364df179eaa0cb01c

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ_HardwareDll.dll

Filesize
11.7MB

MD5
af71a585a9e19d0dbbc121cac849f2b9

SHA1
531e5bd0d8b0cfbcfec8b381cadf1a7af5b9d7a5

SHA256
27a09cadc1b4737ffd8cfb989ba73385332e02cd1662771a449cb0454c3ca3a4

SHA512
f83b55f1df7e6c32510a596555bdf7c41a0fb28666a5df68a15143c2daaf526284dc14b6e1d178ec2ad22222c6968eac3128259aba50c617475ff3af2aab86c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ComputerZ_HardwareDll.dll

Filesize
11.7MB

MD5
af71a585a9e19d0dbbc121cac849f2b9

SHA1
531e5bd0d8b0cfbcfec8b381cadf1a7af5b9d7a5

SHA256
27a09cadc1b4737ffd8cfb989ba73385332e02cd1662771a449cb0454c3ca3a4

SHA512
f83b55f1df7e6c32510a596555bdf7c41a0fb28666a5df68a15143c2daaf526284dc14b6e1d178ec2ad22222c6968eac3128259aba50c617475ff3af2aab86c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DIFxAPI_x86.dll

Filesize
311KB

MD5
1bd976dd77b31fe0f25708ad5c1351ae

SHA1
50d075688835df04484f0b93792a530cb47a1872

SHA256
b3c28941ceb057de44d9c322a38bb0f63c62d7ffbd91cf7970964413978f8eb7

SHA512
d58c2be88941c15214c51c59923437863a94db7b8080ead69017f7cce19d256dbe4d1d8498762476c75c26773dfba1aaff3bed615589ebf4b39df78df1b50b35

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DataMgr.dll

Filesize
976KB

MD5
2ed7532cc0ffcc67f948c8d1469504c2

SHA1
3e84b817fd88786c680dbf5587b24035c0a2846c

SHA256
d069c6509ba8608ab15f301f57016ba7dcce42e35201a4c2c4e97167e0ce54b7

SHA512
7173c8bd56a2f6e103ad1fe684c5f0bb8aacaac07f705e7646057fe9c44f1b483650ec89d5c048cdb8b73b99f38147252ee863651e6de11582c275f61d274665

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DataMgr.dll

Filesize
976KB

MD5
2ed7532cc0ffcc67f948c8d1469504c2

SHA1
3e84b817fd88786c680dbf5587b24035c0a2846c

SHA256
d069c6509ba8608ab15f301f57016ba7dcce42e35201a4c2c4e97167e0ce54b7

SHA512
7173c8bd56a2f6e103ad1fe684c5f0bb8aacaac07f705e7646057fe9c44f1b483650ec89d5c048cdb8b73b99f38147252ee863651e6de11582c275f61d274665

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DownloadMgr.dll

Filesize
445KB

MD5
29cf1d28db1a5c5d68b5e0cce6c81db0

SHA1
84af3d92647f8068bf6b20c2fb1937a2c1d05bb0

SHA256
b4e3b9f375c360eec4fe7d811e0476a9a8a03fc632d890342e4c5db957ef481e

SHA512
1c5bc96d1f6ebd4d5abbc2d06fea90cf5509fb258f3e691507a3c7f1d351b230bdb2848a4d50f40bc258daa9823f920730860d6f203356d7b7584c03ccdca6ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DownloadMgr.dll

Filesize
445KB

MD5
29cf1d28db1a5c5d68b5e0cce6c81db0

SHA1
84af3d92647f8068bf6b20c2fb1937a2c1d05bb0

SHA256
b4e3b9f375c360eec4fe7d811e0476a9a8a03fc632d890342e4c5db957ef481e

SHA512
1c5bc96d1f6ebd4d5abbc2d06fea90cf5509fb258f3e691507a3c7f1d351b230bdb2848a4d50f40bc258daa9823f920730860d6f203356d7b7584c03ccdca6ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DrvMgrUI.dll

Filesize
2.9MB

MD5
389ad481dd146a0938c0516aacab2251

SHA1
603c2eb0d185cd0007c261d2b4ce91cb0c6467ec

SHA256
219c7c16af7b8fadbd22ba66475afba3326da5c9a39afc85f54e007505663c6b

SHA512
ee4481714ba3970b43c580ab39d13ce43408c26288bbe242e98441dc09457d81d6fc93f243cc233129b6f4a427f8a3f5e33c9951774e380b6bc378bfe1f4db72

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DrvMgrUI.dll

Filesize
2.9MB

MD5
389ad481dd146a0938c0516aacab2251

SHA1
603c2eb0d185cd0007c261d2b4ce91cb0c6467ec

SHA256
219c7c16af7b8fadbd22ba66475afba3326da5c9a39afc85f54e007505663c6b

SHA512
ee4481714ba3970b43c580ab39d13ce43408c26288bbe242e98441dc09457d81d6fc93f243cc233129b6f4a427f8a3f5e33c9951774e380b6bc378bfe1f4db72

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DrvmgrCore.dll

Filesize
1.3MB

MD5
289c771c06f063650f7dd5e37b10a57b

SHA1
778f12d6723620859f86bc4db6b91c5f50315dd3

SHA256
15e7b1c4b5b9cd9f0441c995ddf051a696560a543015f94442a52a35812f68d7

SHA512
de78e2507607d6defb9957e0bf90b6e8b9cb96d5c8ff64686381f5ea72809d1e0e5e02705966bc7e0278d0f91177c31d8eb9151997728bd94e8503cf6b18f26d

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\DrvmgrCore.dll

Filesize
1.3MB

MD5
289c771c06f063650f7dd5e37b10a57b

SHA1
778f12d6723620859f86bc4db6b91c5f50315dd3

SHA256
15e7b1c4b5b9cd9f0441c995ddf051a696560a543015f94442a52a35812f68d7

SHA512
de78e2507607d6defb9957e0bf90b6e8b9cb96d5c8ff64686381f5ea72809d1e0e5e02705966bc7e0278d0f91177c31d8eb9151997728bd94e8503cf6b18f26d

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\LiveUpd360.dll

Filesize
593KB

MD5
e2ab61cd7dd7c8443719460140737b09

SHA1
d07424aaf894aa68bab5c7cc829e54f69f466338

SHA256
0439f9f3a68e14ee28c718ac334f9318f97858ab5430e4fa2e82eb355ed446d6

SHA512
c608aa5fd10849f5efcc74ffb02bfc59c1cd943154b30f2e2174e30543708f3b92d020d39ae36b9dd2e90c2171863b5a610ab18248d430c974853fe0a810df60

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\MiniUI.dll

Filesize
901KB

MD5
043365f793b1672fc80aaebde3b22929

SHA1
be526a544e7af66b573b29ee7100374e9deb9a1f

SHA256
2bf36c7813e8410e2ef442158e4089f5c5fa512684848f421cd4b08f1eca1d23

SHA512
efb94e1447842254992f67ad2bcc8ebd1862894019e612d680a3b69a4ec9aaef787bddd155775842baf225b9dea05feaef37db26808fc8516851f995a0b62530

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\MiniUI.dll

Filesize
901KB

MD5
043365f793b1672fc80aaebde3b22929

SHA1
be526a544e7af66b573b29ee7100374e9deb9a1f

SHA256
2bf36c7813e8410e2ef442158e4089f5c5fa512684848f421cd4b08f1eca1d23

SHA512
efb94e1447842254992f67ad2bcc8ebd1862894019e612d680a3b69a4ec9aaef787bddd155775842baf225b9dea05feaef37db26808fc8516851f995a0b62530

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\ScriptExecute.exe

Filesize
811KB

MD5
8b88753a733fd8fc0f12d2ea266b9afd

SHA1
2f9181e8ec946a1d0276e0c8b9a9b21bff3ad210

SHA256
914dd14b89dc73afffaf8abb1d382cc16223e9049aa4437821e8759fc67ad417

SHA512
c545ca9b8ea7d6cd858737c904d8f9d003f44525e209bdabcad912def33279c848205fcbc727d81a266e61fffcb651915975e64686b9caedf2deb8b1e803129d

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\SignHelper.dll

Filesize
139KB

MD5
a60df7bdf1ab9583e8bf7b38f2eca0a3

SHA1
528064b42f0470e785e896df67b41c6335f176a6

SHA256
4c20f1868b4ee71cca4d399b947f7942460a4074f2942ba90f382c2476b96978

SHA512
7fd219bf83e63dae70dfc79ad1978cefa4a9aec27b69f6e7f0b6e26678c988f8e4dda88f8d000cc20a1b0fdcdd69c24c56eab9a70c242630e902fe1b2d47eea2

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\atiags32.dll

Filesize
196KB

MD5
a1f7d080d2a00a9ddca9a469c29663c0

SHA1
9fa6b676b9509eead040415ca13a097118ae2175

SHA256
81b7e8a1c0073f6b7c4188216a94e5ab6420844e1acb122d93fab4c6bc14eebe

SHA512
eef12054ace42f07b05b371aa51164bbbfd65120b111e375eaec30537c232ae85022dd1bf424ed94a8d97eb216919cc5857e332029778b93faa8064555e4e07e

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\config\config.xml

Filesize
978B

MD5
583e167ba709fec11044409c6b09d04f

SHA1
27b363d8b5dee2df351a5d41e6f14b6156db190f

SHA256
ea5f4faf853767718beef85023fcd9e13cca2127ebb3c17331903779db2916a0

SHA512
bebb16e99340d9264b7ae4cfd1562243a8cef688d3585968046c68020f19de587668485017f74368c20b686f5543bb319cc02665a3cdbb890eb47ffa4ce2a20e

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\config\defaultskin\defaultskin.ui

Filesize
156KB

MD5
0cc06e728803d0cdeedda92e04313e6c

SHA1
62e897041bdbf18ca65f6c452abcb557e17c0ded

SHA256
3fb6414e92be15821c674a6e72295e75747e9734c827ac14e85479d4720f2b33

SHA512
72afb68bf2078e459cf2e37481c61ff172dd224f5b089bf9903b0c55660aecfdcb98622c0b04fe88edae0e2e25c0eb640cffafc7343bbe5d67ef137397678936

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\config\defaultskin\miniui.xml

Filesize
8KB

MD5
1c7fad425e4dc4787174876b6725c5de

SHA1
6bf7f9afb666636bea1cef7eca6ebc32f4b344a2

SHA256
ee451d9f3d84226bcd456f193e1e79ebfbd1f24b961b25770c40df93ee7ca494

SHA512
ab02ca7851e6a859244edea31b3cf931a14937ec9ad2274c49a1aedb5a258360f653d7d5e76b9c6166633c4c284db9be277ae584d89641a99da3c77564f8b57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\dynlenv.dll

Filesize
548KB

MD5
61bda655c88ce843905ce63a2d5669e4

SHA1
532304d12d6e1a740e01cf03b3439301d2c6c85d

SHA256
fa7daa6a0e13f9112de63313caf4d06081aee0c7e79b5937cff0519bb4c0bbd4

SHA512
ad9c4f862747ff55ac506ea8b9d4a84a7d0c15d9cb8e9c987722141b9c33957d6aed44b59f0d85a068431ec2b85061b6c27d38011b8dca1675905aaaf6e37bf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\pdown.dll

Filesize
230KB

MD5
48a849ff04150b2ec0836ab6bb32590a

SHA1
1f52bbcd5d124de15c27cf5ea84e14cb9a87f6a3

SHA256
ded09df700ef458322b6160edd39adb103c03cef3c6ffbce2ee096ce1fd33d62

SHA512
b0b23e540102b16c4ed9ac05f1ac353bf0d19e0c2b0880cec1fa2e9292030e1c5a75694176ac428c7de55588cf503ab36643d2db8c1fec3543daf3aeeb53a680

Download Submit
C:\Users\Admin\AppData\Local\Temp\360DrvMgr\pdown.dll

Filesize
230KB

MD5
48a849ff04150b2ec0836ab6bb32590a

SHA1
1f52bbcd5d124de15c27cf5ea84e14cb9a87f6a3

SHA256
ded09df700ef458322b6160edd39adb103c03cef3c6ffbce2ee096ce1fd33d62

SHA512
b0b23e540102b16c4ed9ac05f1ac353bf0d19e0c2b0880cec1fa2e9292030e1c5a75694176ac428c7de55588cf503ab36643d2db8c1fec3543daf3aeeb53a680

Download Submit
C:\Users\Admin\AppData\Roaming\360DrvMgr\Config.ini

Filesize
57B

MD5
6d63813c12ca56d6240cff46d9a46330

SHA1
8d7f01db6d3bc11e730b0fd3b40635bf526c450b

SHA256
50291f46574a12702ea22f58928817ef88230c246149a13e2cc80447aa2e54c5

SHA512
42623fd6583b80b75a2cb819c6a8c16b2c074ff09c8aa29d22e9678b1d53afe74700ef29624a0cd6f10ec5850a077ee6591a8d99ac9127bcbb03ac3e66249045

Download Submit
C:\Users\Admin\AppData\Roaming\360DrvMgr\Config.ini

Filesize
93B

MD5
62f2ac341271af86233c5f0f768b0e63

SHA1
16b25533d69e2e6afe9c7ee691c86107134c4a8c

SHA256
499a917ca62d2aaebf9ac6bbc7962d98822bba5f94774ff692e2c6753bfbf180

SHA512
eb3b0a5ab2d4f64c047a2e1594344f6f697fb4592714d92d6b901c9c67edcbaf3ec1f31c84995725af797137a0044ceaa483ad12d16fc5a801397cbc3e3a91b3

Download Submit
memory/2572-323-0x0000000077E12000-0x0000000077E13000-memory.dmp

Filesize
4KB

Download
memory/2572-273-0x0000000077F50000-0x0000000077F60000-memory.dmp

Filesize
64KB

Download
memory/4640-220-0x0000000077F50000-0x0000000077F60000-memory.dmp

Filesize
64KB

Download
memory/4640-302-0x0000000003750000-0x0000000003751000-memory.dmp

Filesize
4KB

Download
memory/4640-272-0x0000000077E12000-0x0000000077E13000-memory.dmp

Filesize
4KB

Download
memory/4640-219-0x0000000077E12000-0x0000000077E13000-memory.dmp

Filesize
4KB

Download
memory/4640-233-0x0000000003750000-0x0000000003751000-memory.dmp

Filesize
4KB

Download
memory/4640-218-0x0000000077F50000-0x0000000077F60000-memory.dmp

Filesize
64KB

Download