Analysis

  • max time kernel
    138s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231023-en locale:en-us os:windows10-2004-x64 system
  • submitted
    15-11-2023 06:07

General

  • Target

    360TS_Setup_Mini.exe

  • Size

    1.4MB

  • MD5

    31fee2c73b8d2a8ec979775cd5f5ced7

  • SHA1

    39182a68bc0c1c07d3ddc47cd69fe3692dbac834

  • SHA256

    d26a7f2d4f3521827201e6cdcd296f132c7d18c3a1ce70c24b423300cff326fe

  • SHA512

    db51b602a8675641bc3a0a980a197243787ed12f5e0619cb1d390c91193d7e3447e3e86e2321c3ea273c6732b356003a249241d7d8a5699931810e5a35d5c650

  • SSDEEP

    24576:kL/7n6lbcC8oblv1zj1SqdAGFQZIxvC45UJoe1Z:E6+C8o5tzjYq+ZIxL5UJoeL

Malware Config

Signatures

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\360TS_Setup_Mini.exe
    "C:\Users\Admin\AppData\Local\Temp\360TS_Setup_Mini.exe"
    • Checks computer location settings
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2296
    • C:\Users\Admin\AppData\Local\Temp\360TS_Setup.exe
      "C:\Users\Admin\AppData\Local\Temp\360TS_Setup.exe" /c:101 /pmode:2
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4168
      • C:\Program Files (x86)\1700028540_0\360TS_Setup.exe
        "C:\Program Files (x86)\1700028540_0\360TS_Setup.exe" /c:101 /pmode:2 /TSinstall
        • Checks computer location settings
        • Executes dropped EXE
        • Loads dropped DLL
        • Writes to the Master Boot Record (MBR)
        • Suspicious use of SetWindowsHookEx
        PID:2560

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dns.google
  • flag-us
    DNS
    71.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    71.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    254.20.238.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    254.20.238.8.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    st.p.360safe.com
    360TS_Setup_Mini.exe
    Remote address:
    8.8.8.8:53
    Request
    st.p.360safe.com
    IN A
    Response
    st.p.360safe.com
    IN A
    54.77.42.29
  • flag-us
    DNS
    146.78.124.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    146.78.124.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    39.142.81.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    39.142.81.104.in-addr.arpa
    IN PTR
    Response
    39.142.81.104.in-addr.arpa
    IN PTR
    a104-81-142-39.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    tr.p.360safe.com
    360TS_Setup_Mini.exe
    Remote address:
    8.8.8.8:53
    Request
    tr.p.360safe.com
    IN A
    Response
    tr.p.360safe.com
    IN A
    54.76.174.118
  • flag-us
    DNS
    29.42.77.54.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    29.42.77.54.in-addr.arpa
    IN PTR
    Response
    29.42.77.54.in-addr.arpa
    IN PTR
    ec2-54-77-42-29.eu-west-1.compute.amazonaws.com
  • flag-us
    DNS
    118.174.76.54.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    118.174.76.54.in-addr.arpa
    IN PTR
    Response
    118.174.76.54.in-addr.arpa
    IN PTR
    ec2-54-76-174-118.eu-west-1.compute.amazonaws.com
  • flag-us
    DNS
    s.360safe.com
    360TS_Setup_Mini.exe
    Remote address:
    8.8.8.8:53
    Request
    s.360safe.com
    IN A
    Response
    s.360safe.com
    IN CNAME
    s.360safe.com.os-lb.com
    s.360safe.com.os-lb.com
    IN A
    52.29.179.141
    s.360safe.com.os-lb.com
    IN A
    18.184.178.29
  • flag-us
    DNS
    iup.360safe.com
    360TS_Setup_Mini.exe
    Remote address:
    8.8.8.8:53
    Request
    iup.360safe.com
    IN A
    Response
    iup.360safe.com
    IN CNAME
    iup-qihoo360.cdnvideo.ru
    iup-qihoo360.cdnvideo.ru
    IN A
    151.236.127.172
  • flag-nl
    GET
    http://iup.360safe.com/iv3/pc/360safe/360TS_Setup_For_Mini_Rel.cab
    360TS_Setup_Mini.exe
    Remote address:
    151.236.127.172:80
    Request
    GET /iv3/pc/360safe/360TS_Setup_For_Mini_Rel.cab HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: iup.360safe.com
    Connection: Close
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 15 Nov 2023 06:08:01 GMT
    Content-Type: application/octet-stream
    Content-Length: 655
    Connection: close
    Last-Modified: Wed, 01 Nov 2023 06:17:54 GMT
    X-CDN-Edge-Cache: HIT
    X-CDN-Edge-Id: 119
    X-CDN-Request-Id: 5c684462cb0aa258fc24bd716fa29b2d
    Accept-Ranges: bytes
  • flag-us
    DNS
    172.127.236.151.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.127.236.151.in-addr.arpa
    IN PTR
    Response
  • flag-de
    GET
    http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1060&pid=101&os=10.0&mid=64dae5a55f1948466eb795121b783f84&state=153
    360TS_Setup_Mini.exe
    Remote address:
    52.29.179.141:80
    Request
    GET /360ts/mini_inst.htm?ver=6.6.0.1060&pid=101&os=10.0&mid=64dae5a55f1948466eb795121b783f84&state=153 HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: s.360safe.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.0.12
    Date: Wed, 15 Nov 2023 06:08:02 GMT
    Content-Type: text/html
    Content-Length: 0
    Last-Modified: Fri, 25 May 2018 09:32:19 GMT
    Connection: close
    Accept-Ranges: bytes
  • flag-de
    GET
    http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=64dae5a55f1948466eb795121b783f84&mod=360Installer.exe&ph=02a8342074eb25c8adb2d135e2bab7e5&p2p=1&t_id=360TS_Setup_For_Mini.cab&tads=655&tdl=655&tds=655&terr=0&tes=Status|1,ErrorCode|0,DnCount|5,HttpNum|1,DnFailCount|5,FStatus|1,P2SS|655,P2PS|0,PDMode|2&tfl=655&tp=t&tst=1&ttdl=655&ttm=1000&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS
    360TS_Setup_Mini.exe
    Remote address:
    52.29.179.141:80
    Request
    GET /safei18n/dimana.htm?lr=1&mid=64dae5a55f1948466eb795121b783f84&mod=360Installer.exe&ph=02a8342074eb25c8adb2d135e2bab7e5&p2p=1&t_id=360TS_Setup_For_Mini.cab&tads=655&tdl=655&tds=655&terr=0&tes=Status|1,ErrorCode|0,DnCount|5,HttpNum|1,DnFailCount|5,FStatus|1,P2SS|655,P2PS|0,PDMode|2&tfl=655&tp=t&tst=1&ttdl=655&ttm=1000&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: s.360safe.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.0.12
    Date: Wed, 15 Nov 2023 06:08:02 GMT
    Content-Type: text/html
    Content-Length: 0
    Last-Modified: Fri, 25 May 2018 09:31:45 GMT
    Connection: close
    Accept-Ranges: bytes
  • flag-us
    DNS
    int.down.360safe.com
    360TS_Setup_Mini.exe
    Remote address:
    8.8.8.8:53
    Request
    int.down.360safe.com
    IN A
    Response
    int.down.360safe.com
    IN CNAME
    int.down.360safe.com.qh-cdn.com
    int.down.360safe.com.qh-cdn.com
    IN CNAME
    int.down.360safe.com.dl.360qhcdn.com
    int.down.360safe.com.dl.360qhcdn.com
    IN A
    104.192.108.20
    int.down.360safe.com.dl.360qhcdn.com
    IN A
    104.192.108.21
    int.down.360safe.com.dl.360qhcdn.com
    IN A
    104.192.108.17
  • flag-us
    DNS
    sd.p.360safe.com
    360TS_Setup_Mini.exe
    Remote address:
    8.8.8.8:53
    Request
    sd.p.360safe.com
    IN A
    Response
    sd.p.360safe.com
    IN CNAME
    d29kc70vrlkws4.cloudfront.net
    d29kc70vrlkws4.cloudfront.net
    IN A
    52.222.137.111
    d29kc70vrlkws4.cloudfront.net
    IN A
    52.222.137.220
    d29kc70vrlkws4.cloudfront.net
    IN A
    52.222.137.80
    d29kc70vrlkws4.cloudfront.net
    IN A
    52.222.137.147
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.a-0001.a-msedge.net
    g-bing-com.a-0001.a-msedge.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5a2037c566b7418db9f2748e8677fb84&localId=w:A8A12FC3-76A6-AC6C-AA30-BB221E4B018A&deviceId=6966556173674516&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5a2037c566b7418db9f2748e8677fb84&localId=w:A8A12FC3-76A6-AC6C-AA30-BB221E4B018A&deviceId=6966556173674516&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=1AB755FEAE5E673636B74634AFDD666D; domain=.bing.com; expires=Mon, 09-Dec-2024 06:08:03 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 457C930E7ADC41A2AC8BD1AE95CECCB8 Ref B: AMS04EDGE2710 Ref C: 2023-11-15T06:08:03Z
    date: Wed, 15 Nov 2023 06:08:02 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=5a2037c566b7418db9f2748e8677fb84&localId=w:A8A12FC3-76A6-AC6C-AA30-BB221E4B018A&deviceId=6966556173674516&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=5a2037c566b7418db9f2748e8677fb84&localId=w:A8A12FC3-76A6-AC6C-AA30-BB221E4B018A&deviceId=6966556173674516&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=1AB755FEAE5E673636B74634AFDD666D
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: D1BC562897B44986902CF17979A7AE69 Ref B: AMS04EDGE2710 Ref C: 2023-11-15T06:08:03Z
    date: Wed, 15 Nov 2023 06:08:02 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5a2037c566b7418db9f2748e8677fb84&localId=w:A8A12FC3-76A6-AC6C-AA30-BB221E4B018A&deviceId=6966556173674516&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5a2037c566b7418db9f2748e8677fb84&localId=w:A8A12FC3-76A6-AC6C-AA30-BB221E4B018A&deviceId=6966556173674516&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=1AB755FEAE5E673636B74634AFDD666D
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: E2CC47D9A39C4117B9A18E820C55C91A Ref B: AMS04EDGE2710 Ref C: 2023-11-15T06:08:03Z
    date: Wed, 15 Nov 2023 06:08:02 GMT
  • flag-nl
    GET
    http://sd.p.360safe.com/61450211D3B36D42AD4592E3EE6F1440BE6658C2.trt
    360TS_Setup_Mini.exe
    Remote address:
    52.222.137.111:80
    Request
    GET /61450211D3B36D42AD4592E3EE6F1440BE6658C2.trt HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: sd.p.360safe.com
    Connection: Close
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Content-Type: application/octet-stream
    Content-Length: 15391
    Connection: close
    Server: nginx
    Last-Modified: Wed, 01 Nov 2023 05:07:47 GMT
    Accept-Ranges: bytes
    Date: Wed, 15 Nov 2023 04:19:45 GMT
    X-Cache: Hit from cloudfront
    Via: 1.1 ef2cb74895744344a0ea2100fbbb760a.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: AMS50-C1
    X-Amz-Cf-Id: It1yKiK2potVPpIdl43imHt-VaQHDOkm3DWFiW3zca5352s1eeA_Ag==
    Age: 81390
  • flag-us
    GET
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    360TS_Setup_Mini.exe
    Remote address:
    104.192.108.17:80
    Request
    GET /totalsecurity/360TS_Setup_11.0.0.1048.exe HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: int.down.360safe.com
    Range: bytes=24772608-
    Connection: Close
    Cache-Control: no-cache
    Response
    HTTP/1.1 206 Partial Content
    Date: Wed, 15 Nov 2023 06:08:03 GMT
    Content-Type: application/octet-stream
    Content-Length: 74320616
    Connection: close
    Expires: Wed, 15 Nov 2023 06:18:03 GMT
    Last-Modified: Wed, 01 Nov 2023 05:07:17 GMT
    Cache-Control: s-maxage=600, max-age=600
    KCS-Via: HIT from w-f01.lato;MISS from back-f01.dl.lato;HIT from w-subsrc02.lato
    K-Cache-status: MISS
    Content-Range: bytes 24772608-99093223/99093224
  • flag-us
    GET
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    360TS_Setup_Mini.exe
    Remote address:
    104.192.108.21:80
    Request
    GET /totalsecurity/360TS_Setup_11.0.0.1048.exe HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: int.down.360safe.com
    Range: bytes=49545216-
    Connection: Close
    Cache-Control: no-cache
    Response
    HTTP/1.1 206 Partial Content
    Date: Wed, 15 Nov 2023 06:08:03 GMT
    Content-Type: application/octet-stream
    Content-Length: 49548008
    Connection: close
    Expires: Wed, 15 Nov 2023 06:18:03 GMT
    Last-Modified: Wed, 01 Nov 2023 05:07:17 GMT
    Cache-Control: s-maxage=600, max-age=600
    KCS-Via: HIT from w-f05.lato;MISS from back-f05.dl.lato;HIT from w-subsrc02.lato
    K-Cache-status: MISS
    Content-Range: bytes 49545216-99093223/99093224
  • flag-us
    GET
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    360TS_Setup_Mini.exe
    Remote address:
    104.192.108.20:80
    Request
    GET /totalsecurity/360TS_Setup_11.0.0.1048.exe HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: int.down.360safe.com
    Range: bytes=74317824-
    Connection: Close
    Cache-Control: no-cache
    Response
    HTTP/1.1 206 Partial Content
    Date: Wed, 15 Nov 2023 06:08:03 GMT
    Content-Type: application/octet-stream
    Content-Length: 24775400
    Connection: close
    Expires: Wed, 15 Nov 2023 06:18:03 GMT
    Last-Modified: Wed, 01 Nov 2023 05:07:17 GMT
    Cache-Control: s-maxage=600, max-age=600
    KCS-Via: HIT from w-f04.lato;MISS from back-f04.dl.lato;HIT from w-subsrc01.lato
    K-Cache-status: MISS
    Content-Range: bytes 74317824-99093223/99093224
  • flag-us
    GET
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    360TS_Setup_Mini.exe
    Remote address:
    104.192.108.17:80
    Request
    GET /totalsecurity/360TS_Setup_11.0.0.1048.exe HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: int.down.360safe.com
    Connection: Close
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Date: Wed, 15 Nov 2023 06:08:03 GMT
    Content-Type: application/octet-stream
    Content-Length: 99093224
    Connection: close
    Expires: Wed, 15 Nov 2023 06:18:03 GMT
    Last-Modified: Wed, 01 Nov 2023 05:07:17 GMT
    Cache-Control: s-maxage=600, max-age=600
    KCS-Via: HIT from w-f01.lato;MISS from back-f01.dl.lato;HIT from w-subsrc01.lato
    K-Cache-status: MISS
    Accept-Ranges: bytes
  • flag-us
    GET
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    360TS_Setup_Mini.exe
    Remote address:
    104.192.108.17:80
    Request
    GET /totalsecurity/360TS_Setup_11.0.0.1048.exe HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: int.down.360safe.com
    Range: bytes=86704128-
    Connection: Close
    Cache-Control: no-cache
    Response
    HTTP/1.1 206 Partial Content
    Date: Wed, 15 Nov 2023 06:08:03 GMT
    Content-Type: application/octet-stream
    Content-Length: 12389096
    Connection: close
    Expires: Wed, 15 Nov 2023 06:18:03 GMT
    Last-Modified: Wed, 01 Nov 2023 05:07:17 GMT
    Cache-Control: s-maxage=600, max-age=600
    KCS-Via: HIT from w-f01.lato;MISS from back-f01.dl.lato;HIT from w-subsrc02.lato
    K-Cache-status: MISS
    Content-Range: bytes 86704128-99093223/99093224
  • flag-us
    DNS
    141.179.29.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    141.179.29.52.in-addr.arpa
    IN PTR
    Response
    141.179.29.52.in-addr.arpa
    IN PTR
    ec2-52-29-179-141.eu-central-1.compute.amazonaws.com
  • flag-us
    DNS
    68.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    68.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
    Response
    200.197.79.204.in-addr.arpa
    IN PTR
    a-0001.a-msedge.net
  • flag-us
    DNS
    111.137.222.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    111.137.222.52.in-addr.arpa
    IN PTR
    Response
    111.137.222.52.in-addr.arpa
    IN PTR
    server-52-222-137-111.ams50.r.cloudfront.net
  • flag-us
    GET
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    360TS_Setup_Mini.exe
    Remote address:
    104.192.108.20:80
    Request
    GET /totalsecurity/360TS_Setup_11.0.0.1048.exe HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: int.down.360safe.com
    Range: bytes=64356352-
    Connection: Close
    Cache-Control: no-cache
    Response
    HTTP/1.1 206 Partial Content
    Date: Wed, 15 Nov 2023 06:08:22 GMT
    Content-Type: application/octet-stream
    Content-Length: 34736872
    Connection: close
    Expires: Wed, 15 Nov 2023 06:18:22 GMT
    Last-Modified: Wed, 01 Nov 2023 05:07:19 GMT
    Cache-Control: s-maxage=600, max-age=600
    KCS-Via: HIT from w-f04.lato;MISS from back-f04.dl.lato;HIT from w-subsrc02.lato
    K-Cache-status: MISS
    Content-Range: bytes 64356352-99093223/99093224
  • flag-us
    DNS
    17.108.192.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    17.108.192.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    21.108.192.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    21.108.192.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    20.108.192.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    20.108.192.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    2.136.104.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.136.104.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    GET
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    360TS_Setup_Mini.exe
    Remote address:
    104.192.108.17:80
    Request
    GET /totalsecurity/360TS_Setup_11.0.0.1048.exe HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: int.down.360safe.com
    Range: bytes=18350080-
    Connection: Close
    Cache-Control: no-cache
    Response
    HTTP/1.1 206 Partial Content
    Date: Wed, 15 Nov 2023 06:08:40 GMT
    Content-Type: application/octet-stream
    Content-Length: 80743144
    Connection: close
    Expires: Wed, 15 Nov 2023 06:18:40 GMT
    Last-Modified: Wed, 01 Nov 2023 05:07:17 GMT
    Cache-Control: s-maxage=600, max-age=600
    KCS-Via: HIT from w-f01.lato;MISS from back-f01.dl.lato;HIT from w-subsrc02.lato
    K-Cache-status: MISS
    Content-Range: bytes 18350080-99093223/99093224
  • flag-us
    DNS
    86.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    126.177.238.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    126.177.238.8.in-addr.arpa
    IN PTR
    Response
  • flag-us
    GET
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    360TS_Setup_Mini.exe
    Remote address:
    104.192.108.17:80
    Request
    GET /totalsecurity/360TS_Setup_11.0.0.1048.exe HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: int.down.360safe.com
    Range: bytes=21774336-
    Connection: Close
    Cache-Control: no-cache
    Response
    HTTP/1.1 206 Partial Content
    Date: Wed, 15 Nov 2023 06:08:41 GMT
    Content-Type: application/octet-stream
    Content-Length: 77318888
    Connection: close
    Expires: Wed, 15 Nov 2023 06:18:41 GMT
    Last-Modified: Wed, 01 Nov 2023 05:07:17 GMT
    Cache-Control: s-maxage=600, max-age=600
    KCS-Via: HIT from w-f01.lato;MISS from back-f01.dl.lato;HIT from w-subsrc02.lato
    K-Cache-status: MISS
    Content-Range: bytes 21774336-99093223/99093224
  • flag-us
    GET
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    360TS_Setup_Mini.exe
    Remote address:
    104.192.108.21:80
    Request
    GET /totalsecurity/360TS_Setup_11.0.0.1048.exe HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: int.down.360safe.com
    Range: bytes=16629760-
    Connection: Close
    Cache-Control: no-cache
    Response
    HTTP/1.1 206 Partial Content
    Date: Wed, 15 Nov 2023 06:08:50 GMT
    Content-Type: application/octet-stream
    Content-Length: 82463464
    Connection: close
    Expires: Wed, 15 Nov 2023 06:18:50 GMT
    Last-Modified: Wed, 01 Nov 2023 05:07:17 GMT
    Cache-Control: s-maxage=600, max-age=600
    KCS-Via: HIT from w-f05.lato;MISS from back-f05.dl.lato;HIT from w-subsrc02.lato
    K-Cache-status: MISS
    Content-Range: bytes 16629760-99093223/99093224
  • flag-us
    GET
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    360TS_Setup_Mini.exe
    Remote address:
    104.192.108.17:80
    Request
    GET /totalsecurity/360TS_Setup_11.0.0.1048.exe HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: int.down.360safe.com
    Range: bytes=73220096-
    Connection: Close
    Cache-Control: no-cache
    Response
    HTTP/1.1 206 Partial Content
    Date: Wed, 15 Nov 2023 06:08:50 GMT
    Content-Type: application/octet-stream
    Content-Length: 25873128
    Connection: close
    Expires: Wed, 15 Nov 2023 06:18:50 GMT
    Last-Modified: Wed, 01 Nov 2023 05:07:17 GMT
    Cache-Control: s-maxage=600, max-age=600
    KCS-Via: HIT from w-f01.lato;MISS from back-f01.dl.lato;HIT from w-subsrc01.lato
    K-Cache-status: MISS
    Content-Range: bytes 73220096-99093223/99093224
  • flag-us
    GET
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    360TS_Setup_Mini.exe
    Remote address:
    104.192.108.20:80
    Request
    GET /totalsecurity/360TS_Setup_11.0.0.1048.exe HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: int.down.360safe.com
    Range: bytes=17727488-
    Connection: Close
    Cache-Control: no-cache
    Response
    HTTP/1.1 206 Partial Content
    Date: Wed, 15 Nov 2023 06:08:51 GMT
    Content-Type: application/octet-stream
    Content-Length: 81365736
    Connection: close
    Expires: Wed, 15 Nov 2023 06:18:51 GMT
    Last-Modified: Wed, 01 Nov 2023 05:07:19 GMT
    Cache-Control: s-maxage=600, max-age=600
    KCS-Via: HIT from w-f04.lato;MISS from back-f04.dl.lato;HIT from w-subsrc01.lato
    K-Cache-status: MISS
    Content-Range: bytes 17727488-99093223/99093224
  • flag-us
    GET
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    360TS_Setup_Mini.exe
    Remote address:
    104.192.108.17:80
    Request
    GET /totalsecurity/360TS_Setup_11.0.0.1048.exe HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: int.down.360safe.com
    Range: bytes=16285696-
    Connection: Close
    Cache-Control: no-cache
    Response
    HTTP/1.1 206 Partial Content
    Date: Wed, 15 Nov 2023 06:08:52 GMT
    Content-Type: application/octet-stream
    Content-Length: 82807528
    Connection: close
    Expires: Wed, 15 Nov 2023 06:18:52 GMT
    Last-Modified: Wed, 01 Nov 2023 05:07:17 GMT
    Cache-Control: s-maxage=600, max-age=600
    KCS-Via: HIT from w-f01.lato;MISS from back-f01.dl.lato;HIT from w-subsrc01.lato
    K-Cache-status: MISS
    Content-Range: bytes 16285696-99093223/99093224
  • flag-us
    GET
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    360TS_Setup_Mini.exe
    Remote address:
    104.192.108.17:80
    Request
    GET /totalsecurity/360TS_Setup_11.0.0.1048.exe HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: int.down.360safe.com
    Range: bytes=18071552-
    Connection: Close
    Cache-Control: no-cache
    Response
    HTTP/1.1 206 Partial Content
    Date: Wed, 15 Nov 2023 06:08:53 GMT
    Content-Type: application/octet-stream
    Content-Length: 81021672
    Connection: close
    Expires: Wed, 15 Nov 2023 06:18:53 GMT
    Last-Modified: Wed, 01 Nov 2023 05:07:17 GMT
    Cache-Control: s-maxage=600, max-age=600
    KCS-Via: HIT from w-f01.lato;MISS from back-f01.dl.lato;HIT from w-subsrc02.lato
    K-Cache-status: MISS
    Content-Range: bytes 18071552-99093223/99093224
  • flag-us
    GET
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    360TS_Setup_Mini.exe
    Remote address:
    104.192.108.21:80
    Request
    GET /totalsecurity/360TS_Setup_11.0.0.1048.exe HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: int.down.360safe.com
    Range: bytes=18219008-
    Connection: Close
    Cache-Control: no-cache
    Response
    HTTP/1.1 206 Partial Content
    Date: Wed, 15 Nov 2023 06:08:53 GMT
    Content-Type: application/octet-stream
    Content-Length: 80874216
    Connection: close
    Expires: Wed, 15 Nov 2023 06:18:53 GMT
    Last-Modified: Wed, 01 Nov 2023 05:07:17 GMT
    Cache-Control: s-maxage=600, max-age=600
    KCS-Via: HIT from w-f05.lato;MISS from back-f05.dl.lato;HIT from w-subsrc02.lato
    K-Cache-status: MISS
    Content-Range: bytes 18219008-99093223/99093224
  • flag-us
    GET
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    360TS_Setup_Mini.exe
    Remote address:
    104.192.108.17:80
    Request
    GET /totalsecurity/360TS_Setup_11.0.0.1048.exe HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: int.down.360safe.com
    Range: bytes=17973248-
    Connection: Close
    Cache-Control: no-cache
    Response
    HTTP/1.1 206 Partial Content
    Date: Wed, 15 Nov 2023 06:08:53 GMT
    Content-Type: application/octet-stream
    Content-Length: 81119976
    Connection: close
    Expires: Wed, 15 Nov 2023 06:18:53 GMT
    Last-Modified: Wed, 01 Nov 2023 05:07:17 GMT
    Cache-Control: s-maxage=600, max-age=600
    KCS-Via: HIT from w-f01.lato;MISS from back-f01.dl.lato;HIT from w-subsrc02.lato
    K-Cache-status: MISS
    Content-Range: bytes 17973248-99093223/99093224
  • flag-us
    GET
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    360TS_Setup_Mini.exe
    Remote address:
    104.192.108.20:80
    Request
    GET /totalsecurity/360TS_Setup_11.0.0.1048.exe HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: int.down.360safe.com
    Range: bytes=18022400-
    Connection: Close
    Cache-Control: no-cache
    Response
    HTTP/1.1 206 Partial Content
    Date: Wed, 15 Nov 2023 06:08:53 GMT
    Content-Type: application/octet-stream
    Content-Length: 81070824
    Connection: close
    Expires: Wed, 15 Nov 2023 06:18:53 GMT
    Last-Modified: Wed, 01 Nov 2023 05:07:19 GMT
    Cache-Control: s-maxage=600, max-age=600
    KCS-Via: HIT from w-f04.lato;MISS from back-f04.dl.lato;HIT from w-subsrc01.lato
    K-Cache-status: MISS
    Content-Range: bytes 18022400-99093223/99093224
  • flag-us
    GET
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    360TS_Setup_Mini.exe
    Remote address:
    104.192.108.17:80
    Request
    GET /totalsecurity/360TS_Setup_11.0.0.1048.exe HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: int.down.360safe.com
    Range: bytes=18038784-
    Connection: Close
    Cache-Control: no-cache
    Response
    HTTP/1.1 206 Partial Content
    Date: Wed, 15 Nov 2023 06:08:54 GMT
    Content-Type: application/octet-stream
    Content-Length: 81054440
    Connection: close
    Expires: Wed, 15 Nov 2023 06:18:54 GMT
    Last-Modified: Wed, 01 Nov 2023 05:07:17 GMT
    Cache-Control: s-maxage=600, max-age=600
    KCS-Via: HIT from w-f01.lato;MISS from back-f01.dl.lato;HIT from w-subsrc02.lato
    K-Cache-status: MISS
    Content-Range: bytes 18038784-99093223/99093224
  • flag-us
    GET
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    360TS_Setup_Mini.exe
    Remote address:
    104.192.108.17:80
    Request
    GET /totalsecurity/360TS_Setup_11.0.0.1048.exe HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: int.down.360safe.com
    Range: bytes=17956864-
    Connection: Close
    Cache-Control: no-cache
    Response
    HTTP/1.1 206 Partial Content
    Date: Wed, 15 Nov 2023 06:08:54 GMT
    Content-Type: application/octet-stream
    Content-Length: 81136360
    Connection: close
    Expires: Wed, 15 Nov 2023 06:18:54 GMT
    Last-Modified: Wed, 01 Nov 2023 05:07:17 GMT
    Cache-Control: s-maxage=600, max-age=600
    KCS-Via: HIT from w-f01.lato;MISS from back-f01.dl.lato;HIT from w-subsrc02.lato
    K-Cache-status: MISS
    Content-Range: bytes 17956864-99093223/99093224
  • flag-de
    GET
    http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=64dae5a55f1948466eb795121b783f84&mod=360Installer.exe&ph=4C5D0E781B7C7CB54D72FCB94A08D297&p2p=1&t_id=360TS_Setup.exe&tads=1835059&tdl=99093224&tds=1109258&terr=0&tes=Status|1,ErrorCode|0,DnCount|22,HttpNum|19,DnFailCount|21,FStatus|1,P2SS|99093224,P2PS|0,PDMode|3&tfl=99093224&tp=t&tst=1&ttdl=99093224&ttm=54500&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS
    360TS_Setup_Mini.exe
    Remote address:
    52.29.179.141:80
    Request
    GET /safei18n/dimana.htm?lr=1&mid=64dae5a55f1948466eb795121b783f84&mod=360Installer.exe&ph=4C5D0E781B7C7CB54D72FCB94A08D297&p2p=1&t_id=360TS_Setup.exe&tads=1835059&tdl=99093224&tds=1109258&terr=0&tes=Status|1,ErrorCode|0,DnCount|22,HttpNum|19,DnFailCount|21,FStatus|1,P2SS|99093224,P2PS|0,PDMode|3&tfl=99093224&tp=t&tst=1&ttdl=99093224&ttm=54500&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: s.360safe.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.0.12
    Date: Wed, 15 Nov 2023 06:08:57 GMT
    Content-Type: text/html
    Content-Length: 0
    Last-Modified: Fri, 25 May 2018 09:31:45 GMT
    Connection: close
    Accept-Ranges: bytes
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301634_10VKNY6NZN82LU9UT&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301634_10VKNY6NZN82LU9UT&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 410629
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 0A9EA4EB78A84E08AF9780DBFC815A06 Ref B: DUS30EDGE0815 Ref C: 2023-11-15T06:08:57Z
    date: Wed, 15 Nov 2023 06:08:57 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301317_1SANBEH786QEYU6TN&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301317_1SANBEH786QEYU6TN&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 278503
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: DC2877EED27E4347BA82F1BCC279EB54 Ref B: DUS30EDGE0815 Ref C: 2023-11-15T06:08:57Z
    date: Wed, 15 Nov 2023 06:08:57 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301225_1DZROXCI1NKORI8W4&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301225_1DZROXCI1NKORI8W4&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 463110
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: DB4163F39FA24F71A804522A344FAC31 Ref B: DUS30EDGE0815 Ref C: 2023-11-15T06:08:57Z
    date: Wed, 15 Nov 2023 06:08:57 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301039_13Z9BFIH4MFB25MGU&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301039_13Z9BFIH4MFB25MGU&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 307641
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 30A01D6AA4FC429DBACAA8B19E06CFB2 Ref B: DUS30EDGE0815 Ref C: 2023-11-15T06:08:58Z
    date: Wed, 15 Nov 2023 06:08:57 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301472_1VUKM758MEAZ9E285&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301472_1VUKM758MEAZ9E285&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 299738
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 9B7A725991944CBD9160272CE655E950 Ref B: DUS30EDGE0815 Ref C: 2023-11-15T06:08:58Z
    date: Wed, 15 Nov 2023 06:08:58 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301726_1E13SDDIEAACEBOJ3&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301726_1E13SDDIEAACEBOJ3&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 212593
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 44D327BC462B4D699613A2AAF7608F7A Ref B: DUS30EDGE0815 Ref C: 2023-11-15T06:09:00Z
    date: Wed, 15 Nov 2023 06:09:00 GMT
  • flag-de
    GET
    http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1060&pid=101&os=10.0&mid=64dae5a55f1948466eb795121b783f84&state=9
    360TS_Setup_Mini.exe
    Remote address:
    52.29.179.141:80
    Request
    GET /360ts/mini_inst.htm?ver=6.6.0.1060&pid=101&os=10.0&mid=64dae5a55f1948466eb795121b783f84&state=9 HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: s.360safe.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.0.12
    Date: Wed, 15 Nov 2023 06:09:04 GMT
    Content-Type: text/html
    Content-Length: 0
    Last-Modified: Fri, 25 May 2018 09:32:19 GMT
    Connection: close
    Accept-Ranges: bytes
  • flag-us
    DNS
    orion.ts.360.com
    360TS_Setup.exe
    Remote address:
    8.8.8.8:53
    Request
    orion.ts.360.com
    IN A
    Response
    orion.ts.360.com
    IN CNAME
    orion.ts.360.com.awsr53.qihucdn.com
    orion.ts.360.com.awsr53.qihucdn.com
    IN A
    82.145.215.152
  • flag-nl
    GET
    https://orion.ts.360.com/c?ch=101&sch=0&ver=11.0.0.1048&lan=en&os=10.0-x64&mid=64dae5a55f1948466eb795121b783f84&time=1700028558&checksum=E32FA9368CF1D97868CFA890
    360TS_Setup.exe
    Remote address:
    82.145.215.152:443
    Request
    GET /c?ch=101&sch=0&ver=11.0.0.1048&lan=en&os=10.0-x64&mid=64dae5a55f1948466eb795121b783f84&time=1700028558&checksum=E32FA9368CF1D97868CFA890 HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: orion.ts.360.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 15 Nov 2023 06:09:27 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: keep-alive
    content-length: 2
  • flag-nl
    GET
    https://orion.ts.360.com/installapp?c=us&ch=101&sch=0&ver=11.0.0.1048&lan=en&os=10.0-x64&mid=64dae5a55f1948466eb795121b783f84&time=1700028562&checksum=6183F4F2876097D3891A5563
    360TS_Setup.exe
    Remote address:
    82.145.215.152:443
    Request
    GET /installapp?c=us&ch=101&sch=0&ver=11.0.0.1048&lan=en&os=10.0-x64&mid=64dae5a55f1948466eb795121b783f84&time=1700028562&checksum=6183F4F2876097D3891A5563 HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: orion.ts.360.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 15 Nov 2023 06:09:27 GMT
    Content-Type: application/json; charset=utf-8
    Content-Length: 168
    Connection: keep-alive
    X-Orion-Content-Type: orion; version=1.0
  • flag-us
    DNS
    152.215.145.82.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    152.215.145.82.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    152.215.145.82.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    152.215.145.82.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    233.38.18.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    233.38.18.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    23.149.64.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.149.64.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    27.178.89.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    27.178.89.13.in-addr.arpa
    IN PTR
    Response
  • 151.236.127.172:80
    http://iup.360safe.com/iv3/pc/360safe/360TS_Setup_For_Mini_Rel.cab
    http
    360TS_Setup_Mini.exe
    440 B
    1.1kB
    5
    4

    HTTP Request

    GET http://iup.360safe.com/iv3/pc/360safe/360TS_Setup_For_Mini_Rel.cab

    HTTP Response

    200
  • 151.236.127.172:80
    iup.360safe.com
    360TS_Setup_Mini.exe
    144 B
    52 B
    3
    1
  • 151.236.127.172:80
    iup.360safe.com
    360TS_Setup_Mini.exe
    144 B
    52 B
    3
    1
  • 151.236.127.172:80
    iup.360safe.com
    360TS_Setup_Mini.exe
    144 B
    52 B
    3
    1
  • 151.236.127.172:80
    iup.360safe.com
    360TS_Setup_Mini.exe
    144 B
    52 B
    3
    1
  • 52.29.179.141:80
    http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1060&pid=101&os=10.0&mid=64dae5a55f1948466eb795121b783f84&state=153
    http
    360TS_Setup_Mini.exe
    645 B
    421 B
    6
    5

    HTTP Request

    GET http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1060&pid=101&os=10.0&mid=64dae5a55f1948466eb795121b783f84&state=153

    HTTP Response

    200
  • 52.29.179.141:80
    http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=64dae5a55f1948466eb795121b783f84&mod=360Installer.exe&ph=02a8342074eb25c8adb2d135e2bab7e5&p2p=1&t_id=360TS_Setup_For_Mini.cab&tads=655&tdl=655&tds=655&terr=0&tes=Status|1,ErrorCode|0,DnCount|5,HttpNum|1,DnFailCount|5,FStatus|1,P2SS|655,P2PS|0,PDMode|2&tfl=655&tp=t&tst=1&ttdl=655&ttm=1000&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS
    http
    360TS_Setup_Mini.exe
    917 B
    421 B
    6
    5

    HTTP Request

    GET http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=64dae5a55f1948466eb795121b783f84&mod=360Installer.exe&ph=02a8342074eb25c8adb2d135e2bab7e5&p2p=1&t_id=360TS_Setup_For_Mini.cab&tads=655&tdl=655&tds=655&terr=0&tes=Status|1,ErrorCode|0,DnCount|5,HttpNum|1,DnFailCount|5,FStatus|1,P2SS|655,P2PS|0,PDMode|2&tfl=655&tp=t&tst=1&ttdl=655&ttm=1000&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS

    HTTP Response

    200
  • 204.79.197.200:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5a2037c566b7418db9f2748e8677fb84&localId=w:A8A12FC3-76A6-AC6C-AA30-BB221E4B018A&deviceId=6966556173674516&anid=
    tls, http2
    1.9kB
    9.3kB
    22
    19

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5a2037c566b7418db9f2748e8677fb84&localId=w:A8A12FC3-76A6-AC6C-AA30-BB221E4B018A&deviceId=6966556173674516&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=5a2037c566b7418db9f2748e8677fb84&localId=w:A8A12FC3-76A6-AC6C-AA30-BB221E4B018A&deviceId=6966556173674516&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5a2037c566b7418db9f2748e8677fb84&localId=w:A8A12FC3-76A6-AC6C-AA30-BB221E4B018A&deviceId=6966556173674516&anid=

    HTTP Response

    204
  • 52.222.137.111:80
    http://sd.p.360safe.com/61450211D3B36D42AD4592E3EE6F1440BE6658C2.trt
    http
    360TS_Setup_Mini.exe
    718 B
    16.5kB
    11
    16

    HTTP Request

    GET http://sd.p.360safe.com/61450211D3B36D42AD4592E3EE6F1440BE6658C2.trt

    HTTP Response

    200
  • 104.192.108.17:80
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    http
    360TS_Setup_Mini.exe
    438.3kB
    25.6MB
    9389
    18313

    HTTP Request

    GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe

    HTTP Response

    206
  • 104.192.108.21:80
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    http
    360TS_Setup_Mini.exe
    343.1kB
    15.5MB
    7453
    14552

    HTTP Request

    GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe

    HTTP Response

    206
  • 104.192.108.20:80
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    http
    360TS_Setup_Mini.exe
    228.8kB
    12.8MB
    4969
    9581

    HTTP Request

    GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe

    HTTP Response

    206
  • 104.192.108.17:80
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    http
    360TS_Setup_Mini.exe
    299.2kB
    16.9MB
    6499
    12600

    HTTP Request

    GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe

    HTTP Response

    200
  • 104.192.108.17:80
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    http
    360TS_Setup_Mini.exe
    222.3kB
    12.8MB
    4703
    9112

    HTTP Request

    GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe

    HTTP Response

    206
  • 104.192.108.20:80
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    http
    360TS_Setup_Mini.exe
    166.9kB
    9.2MB
    3624
    6879

    HTTP Request

    GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe

    HTTP Response

    206
  • 104.192.108.17:80
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    http
    360TS_Setup_Mini.exe
    64.6kB
    3.6MB
    1400
    2691

    HTTP Request

    GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe

    HTTP Response

    206
  • 104.192.108.17:80
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    http
    360TS_Setup_Mini.exe
    56.8kB
    3.2MB
    1230
    2361

    HTTP Request

    GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe

    HTTP Response

    206
  • 104.192.108.21:80
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    http
    360TS_Setup_Mini.exe
    28.6kB
    1.2MB
    617
    1165

    HTTP Request

    GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe

    HTTP Response

    206
  • 104.192.108.17:80
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    http
    360TS_Setup_Mini.exe
    27.3kB
    1.3MB
    538
    909

    HTTP Request

    GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe

    HTTP Response

    206
  • 104.192.108.20:80
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    http
    360TS_Setup_Mini.exe
    8.4kB
    332.4kB
    178
    250

    HTTP Request

    GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe

    HTTP Response

    206
  • 104.192.108.17:80
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    http
    360TS_Setup_Mini.exe
    9.0kB
    427.5kB
    191
    321

    HTTP Request

    GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe

    HTTP Response

    206
  • 104.192.108.17:80
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    http
    360TS_Setup_Mini.exe
    5.3kB
    218.5kB
    110
    165

    HTTP Request

    GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe

    HTTP Response

    206
  • 104.192.108.21:80
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    http
    360TS_Setup_Mini.exe
    6.5kB
    216.1kB
    137
    205

    HTTP Request

    GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe

    HTTP Response

    206
  • 104.192.108.17:80
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    http
    360TS_Setup_Mini.exe
    5.2kB
    211.8kB
    108
    160

    HTTP Request

    GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe

    HTTP Response

    206
  • 104.192.108.20:80
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    http
    360TS_Setup_Mini.exe
    2.5kB
    74.3kB
    50
    55

    HTTP Request

    GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe

    HTTP Response

    206
  • 104.192.108.17:80
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    http
    360TS_Setup_Mini.exe
    2.8kB
    79.1kB
    56
    61

    HTTP Request

    GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe

    HTTP Response

    206
  • 104.192.108.17:80
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe
    http
    360TS_Setup_Mini.exe
    2.7kB
    76.5kB
    54
    59

    HTTP Request

    GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1048.exe

    HTTP Response

    206
  • 104.192.108.17:80
    int.down.360safe.com
    360TS_Setup_Mini.exe
    144 B
    44 B
    3
    1
  • 104.192.108.20:80
    int.down.360safe.com
    360TS_Setup_Mini.exe
    144 B
    44 B
    3
    1
  • 104.192.108.21:80
    int.down.360safe.com
    360TS_Setup_Mini.exe
    144 B
    44 B
    3
    1
  • 52.29.179.141:80
    http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=64dae5a55f1948466eb795121b783f84&mod=360Installer.exe&ph=4C5D0E781B7C7CB54D72FCB94A08D297&p2p=1&t_id=360TS_Setup.exe&tads=1835059&tdl=99093224&tds=1109258&terr=0&tes=Status|1,ErrorCode|0,DnCount|22,HttpNum|19,DnFailCount|21,FStatus|1,P2SS|99093224,P2PS|0,PDMode|3&tfl=99093224&tp=t&tst=1&ttdl=99093224&ttm=54500&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS
    http
    360TS_Setup_Mini.exe
    940 B
    421 B
    6
    5

    HTTP Request

    GET http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=64dae5a55f1948466eb795121b783f84&mod=360Installer.exe&ph=4C5D0E781B7C7CB54D72FCB94A08D297&p2p=1&t_id=360TS_Setup.exe&tads=1835059&tdl=99093224&tds=1109258&terr=0&tes=Status|1,ErrorCode|0,DnCount|22,HttpNum|19,DnFailCount|21,FStatus|1,P2SS|99093224,P2PS|0,PDMode|3&tfl=99093224&tp=t&tst=1&ttdl=99093224&ttm=54500&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS

    HTTP Response

    200
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301726_1E13SDDIEAACEBOJ3&pid=21.2&w=1080&h=1920&c=4
    tls, http2
    70.3kB
    2.0MB
    1493
    1490

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301634_10VKNY6NZN82LU9UT&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301317_1SANBEH786QEYU6TN&pid=21.2&w=1920&h=1080&c=4

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301225_1DZROXCI1NKORI8W4&pid=21.2&w=1920&h=1080&c=4

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301039_13Z9BFIH4MFB25MGU&pid=21.2&w=1920&h=1080&c=4

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301472_1VUKM758MEAZ9E285&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301726_1E13SDDIEAACEBOJ3&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.3kB
    16
    14
  • 52.29.179.141:80
    http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1060&pid=101&os=10.0&mid=64dae5a55f1948466eb795121b783f84&state=9
    http
    360TS_Setup_Mini.exe
    643 B
    421 B
    6
    5

    HTTP Request

    GET http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1060&pid=101&os=10.0&mid=64dae5a55f1948466eb795121b783f84&state=9

    HTTP Response

    200
  • 82.145.215.152:443
    https://orion.ts.360.com/installapp?c=us&ch=101&sch=0&ver=11.0.0.1048&lan=en&os=10.0-x64&mid=64dae5a55f1948466eb795121b783f84&time=1700028562&checksum=6183F4F2876097D3891A5563
    tls, http
    360TS_Setup.exe
    1.6kB
    6.7kB
    14
    10

    HTTP Request

    GET https://orion.ts.360.com/c?ch=101&sch=0&ver=11.0.0.1048&lan=en&os=10.0-x64&mid=64dae5a55f1948466eb795121b783f84&time=1700028558&checksum=E32FA9368CF1D97868CFA890

    HTTP Response

    200

    HTTP Request

    GET https://orion.ts.360.com/installapp?c=us&ch=101&sch=0&ver=11.0.0.1048&lan=en&os=10.0-x64&mid=64dae5a55f1948466eb795121b783f84&time=1700028562&checksum=6183F4F2876097D3891A5563

    HTTP Response

    200
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
    90 B
    1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    71.159.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    71.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    254.20.238.8.in-addr.arpa
    dns
    71 B
    125 B
    1
    1

    DNS Request

    254.20.238.8.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    9.228.82.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    9.228.82.20.in-addr.arpa

  • 8.8.8.8:53
    st.p.360safe.com
    dns
    360TS_Setup_Mini.exe
    62 B
    78 B
    1
    1

    DNS Request

    st.p.360safe.com

    DNS Response

    54.77.42.29

  • 8.8.8.8:53
    146.78.124.51.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    146.78.124.51.in-addr.arpa

  • 8.8.8.8:53
    39.142.81.104.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    39.142.81.104.in-addr.arpa

  • 54.77.42.29:3478
    st.p.360safe.com
    360TS_Setup_Mini.exe
    392 B
    7
  • 54.77.42.29:3478
    st.p.360safe.com
    360TS_Setup_Mini.exe
    784 B
    14
  • 224.0.0.251:5353
    112 B
    2
  • 8.8.8.8:53
    tr.p.360safe.com
    dns
    360TS_Setup_Mini.exe
    62 B
    78 B
    1
    1

    DNS Request

    tr.p.360safe.com

    DNS Response

    54.76.174.118

  • 8.8.8.8:53
    29.42.77.54.in-addr.arpa
    dns
    70 B
    131 B
    1
    1

    DNS Request

    29.42.77.54.in-addr.arpa

  • 54.76.174.118:80
    tr.p.360safe.com
    http
    360TS_Setup_Mini.exe
    576 B
    7
  • 8.8.8.8:53
    118.174.76.54.in-addr.arpa
    dns
    72 B
    135 B
    1
    1

    DNS Request

    118.174.76.54.in-addr.arpa

  • 8.8.8.8:53
    s.360safe.com
    dns
    360TS_Setup_Mini.exe
    59 B
    125 B
    1
    1

    DNS Request

    s.360safe.com

    DNS Response

    52.29.179.141
    18.184.178.29

  • 8.8.8.8:53
    iup.360safe.com
    dns
    360TS_Setup_Mini.exe
    61 B
    115 B
    1
    1

    DNS Request

    iup.360safe.com

    DNS Response

    151.236.127.172

  • 8.8.8.8:53
    172.127.236.151.in-addr.arpa
    dns
    74 B
    134 B
    1
    1

    DNS Request

    172.127.236.151.in-addr.arpa

  • 8.8.8.8:53
    int.down.360safe.com
    dns
    360TS_Setup_Mini.exe
    66 B
    203 B
    1
    1

    DNS Request

    int.down.360safe.com

    DNS Response

    104.192.108.20
    104.192.108.21
    104.192.108.17

  • 8.8.8.8:53
    sd.p.360safe.com
    dns
    360TS_Setup_Mini.exe
    62 B
    169 B
    1
    1

    DNS Request

    sd.p.360safe.com

    DNS Response

    52.222.137.111
    52.222.137.220
    52.222.137.80
    52.222.137.147

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
    158 B
    1
    1

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    141.179.29.52.in-addr.arpa
    dns
    72 B
    138 B
    1
    1

    DNS Request

    141.179.29.52.in-addr.arpa

  • 8.8.8.8:53
    68.159.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    68.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    200.197.79.204.in-addr.arpa
    dns
    73 B
    106 B
    1
    1

    DNS Request

    200.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    111.137.222.52.in-addr.arpa
    dns
    73 B
    131 B
    1
    1

    DNS Request

    111.137.222.52.in-addr.arpa

  • 8.8.8.8:53
    17.108.192.104.in-addr.arpa
    dns
    73 B
    157 B
    1
    1

    DNS Request

    17.108.192.104.in-addr.arpa

  • 8.8.8.8:53
    21.108.192.104.in-addr.arpa
    dns
    73 B
    157 B
    1
    1

    DNS Request

    21.108.192.104.in-addr.arpa

  • 8.8.8.8:53
    20.108.192.104.in-addr.arpa
    dns
    73 B
    157 B
    1
    1

    DNS Request

    20.108.192.104.in-addr.arpa

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    26.35.223.20.in-addr.arpa

  • 8.8.8.8:53
    2.136.104.51.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    2.136.104.51.in-addr.arpa

  • 8.8.8.8:53
    86.23.85.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    86.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    206.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    126.177.238.8.in-addr.arpa
    dns
    72 B
    126 B
    1
    1

    DNS Request

    126.177.238.8.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    173 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    orion.ts.360.com
    dns
    360TS_Setup.exe
    62 B
    124 B
    1
    1

    DNS Request

    orion.ts.360.com

    DNS Response

    82.145.215.152

  • 8.8.8.8:53
    152.215.145.82.in-addr.arpa
    dns
    146 B
    268 B
    2
    2

    DNS Request

    152.215.145.82.in-addr.arpa

    DNS Request

    152.215.145.82.in-addr.arpa

  • 8.8.8.8:53
    233.38.18.104.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    233.38.18.104.in-addr.arpa

  • 8.8.8.8:53
    23.149.64.172.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    23.149.64.172.in-addr.arpa

  • 8.8.8.8:53
    27.178.89.13.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    27.178.89.13.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\1700028540_0\360TS_Setup.exe

    Filesize

    94.5MB

    MD5

    4c5d0e781b7c7cb54d72fcb94a08d297

    SHA1

    e0cb018b213a02dca399b4dbeaa493d6c55b25e3

    SHA256

    1a437bec0a4f32636fafde2151a57128a3735c3ced65a45750a1b34a67645dc8

    SHA512

    34b9b29a67fa8e79770702df835284c1533b79f61c755feff6477a93a0eef9a0aa2aca162945da9045aaaa71c5755a5dd76dd97afe10f3d5b541eb282d725926

  • C:\Users\Admin\AppData\Local\Temp\!@tD60D.tmp

    Filesize

    655B

    MD5

    5ed78a4c632dcaf6e1204dc7b07d30ca

    SHA1

    7abdb6c0da46f395b7c36b96eb2bc40a8c9309e6

    SHA256

    a474606683858e8db91a960efce486d01cfca32459563c525dc767057fb20a3b

    SHA512

    5af0f93cc7e1a961db1aada0fe968c6497b4f7a23b75a76b064a45a86287588cd76777111272083c58dbc37c9ed41946d9260875c5e2527d5f29e4573d0c5209

  • C:\Users\Admin\AppData\Local\Temp\!@tD60D.tmp.dir\setup.ini

    Filesize

    829B

    MD5

    1ba7ca1ad3aa2da1aa01b3e0d1ea8043

    SHA1

    70d9553fb02e2409905398b7e17aadeba1dff5f1

    SHA256

    a62d34b4112007d79f5b4c6e56f8b0522a0d17f010709d32498e66dcd519ea0f

    SHA512

    92b727e19ab7495360136bf61e6b1dc7d2d44b3ec40acdffc8b58ff43ec78b4a461cf9a53c6772763a6a89519cf1da5970c11c645914b1af873a34a0717de457

  • C:\Users\Admin\AppData\Local\Temp\1700028539_00000000_base\360base.dll

    Filesize

    884KB

    MD5

    8c42fc725106cf8276e625b4f97861bc

    SHA1

    9c4140730cb031c29fc63e17e1504693d0f21c13

    SHA256

    d1ca92aa0789ee87d45f9f3c63e0e46ad2997b09605cbc2c57da2be6b8488c22

    SHA512

    f3c33dfe8e482692d068bf2185bec7d0d2bb232e6828b0bc8dc867da9e7ca89f9356fde87244fe686e3830f957c052089a87ecff4e44842a1a7848246f0ba105

  • C:\Users\Admin\AppData\Local\Temp\1700028557_00000000_base\360base.dll

    Filesize

    884KB

    MD5

    8c42fc725106cf8276e625b4f97861bc

    SHA1

    9c4140730cb031c29fc63e17e1504693d0f21c13

    SHA256

    d1ca92aa0789ee87d45f9f3c63e0e46ad2997b09605cbc2c57da2be6b8488c22

    SHA512

    f3c33dfe8e482692d068bf2185bec7d0d2bb232e6828b0bc8dc867da9e7ca89f9356fde87244fe686e3830f957c052089a87ecff4e44842a1a7848246f0ba105

  • C:\Users\Admin\AppData\Local\Temp\360TS_Setup.exe

    Filesize

    94.5MB

    MD5

    4c5d0e781b7c7cb54d72fcb94a08d297

    SHA1

    e0cb018b213a02dca399b4dbeaa493d6c55b25e3

    SHA256

    1a437bec0a4f32636fafde2151a57128a3735c3ced65a45750a1b34a67645dc8

    SHA512

    34b9b29a67fa8e79770702df835284c1533b79f61c755feff6477a93a0eef9a0aa2aca162945da9045aaaa71c5755a5dd76dd97afe10f3d5b541eb282d725926

  • C:\Users\Admin\AppData\Local\Temp\{128EF5A2-0AD2-4c4b-BD4A-C3AB3895D394}.tmp\360P2SP.dll

    Filesize

    824KB

    MD5

    fc1796add9491ee757e74e65cedd6ae7

    SHA1

    603e87ab8cb45f62ecc7a9ef52d5dedd261ea812

    SHA256

    bf1b96f5b56be51e24d6314bc7ec25f1bdba2435f4dfc5be87de164fe5de9e60

    SHA512

    8fa2e4ff5cbc05034051261c778fec1f998ceb2d5e8dea16b26b91056a989fdc58f33767687b393f32a5aff7c2b8d6df300b386f608abd0ad193068aa9251e0d

  • C:\Users\Admin\AppData\Local\Temp\{5094BE1D-81BF-48e3-BD7B-0C65497AC7D1}.tmp

    Filesize

    3KB

    MD5

    b1ddd3b1895d9a3013b843b3702ac2bd

    SHA1

    71349f5c577a3ae8acb5fbce27b18a203bf04ede

    SHA256

    46cda5ad256bf373f5ed0b2a20efa5275c1ffd96864c33f3727e76a3973f4b3c

    SHA512

    93e6c10c4a8465bc2e58f4c7eb300860186ddc5734599bcdad130ff9c8fd324443045eac54bbc667b058ac1fa271e5b7645320c6e3fc2f28cc5f824096830de1

  • memory/2296-37-0x0000000003E50000-0x0000000003E51000-memory.dmp

    Filesize

    4KB

  • memory/2296-13-0x0000000003E50000-0x0000000003E51000-memory.dmp

    Filesize

    4KB
