Analysis
max time kernel
237s
max time network
239s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags
arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted
21-12-2023 21:01
Static task
static1
Behavioral task
behavioral1
Sample
360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
Resource
win10v2004-20231215-en
General
Target
360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
Size
1.4MB
MD5
31fee2c73b8d2a8ec979775cd5f5ced7
SHA1
39182a68bc0c1c07d3ddc47cd69fe3692dbac834
SHA256
d26a7f2d4f3521827201e6cdcd296f132c7d18c3a1ce70c24b423300cff326fe
SHA512
db51b602a8675641bc3a0a980a197243787ed12f5e0619cb1d390c91193d7e3447e3e86e2321c3ea273c6732b356003a249241d7d8a5699931810e5a35d5c650
SSDEEP
24576:kL/7n6lbcC8oblv1zj1SqdAGFQZIxvC45UJoe1Z:E6+C8o5tzjYq+ZIxL5UJoeL
Malware Config
Signatures
Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation | 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
Key value queried | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation | 360TS_Setup.exe

Executes dropped EXE 2 IoCs
pid | Process
2488 | 360TS_Setup.exe
3916 | 360TS_Setup.exe

Loads dropped DLL 3 IoCs
pid | Process
4712 | 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
2488 | 360TS_Setup.exe
3916 | 360TS_Setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.

Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
description | ioc | Process
File opened for modification | \??\PhysicalDrive0 | 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
File opened for modification | \??\PhysicalDrive0 | 360TS_Setup.exe

Drops file in Program Files directory 2 IoCs
description | ioc | Process
File created | C:\Program Files (x86)\1703192606_0\360TS_Setup.exe | 360TS_Setup.exe
File opened for modification | C:\Program Files (x86)\1703192606_0\360TS_Setup.exe | 360TS_Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

Suspicious use of AdjustPrivilegeToken 1 IoCs
description | pid | Process
Token: SeManageVolumePrivilege | 4712 | 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe

Suspicious use of FindShellTrayWindow 3 IoCs
pid | Process
4712 | 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
4712 | 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
4712 | 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe

Suspicious use of SendNotifyMessage 3 IoCs
pid | Process
4712 | 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
4712 | 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
4712 | 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe

Suspicious use of SetWindowsHookEx 2 IoCs
pid | Process
2488 | 360TS_Setup.exe
3916 | 360TS_Setup.exe

Suspicious use of WriteProcessMemory 6 IoCs
description | pid | Process | procid_target
PID 4712 wrote to memory of 2488 | 4712 | 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe | 97
PID 4712 wrote to memory of 2488 | 4712 | 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe | 97
PID 4712 wrote to memory of 2488 | 4712 | 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe | 97
PID 2488 wrote to memory of 3916 | 2488 | 360TS_Setup.exe | 99
PID 2488 wrote to memory of 3916 | 2488 | 360TS_Setup.exe | 99
PID 2488 wrote to memory of 3916 | 2488 | 360TS_Setup.exe | 99

Processes
C:\Users\Admin\AppData\Local\Temp\360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
"C:\Users\Admin\AppData\Local\Temp\360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe"
- Checks computer location settings
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4712

  C:\Users\Admin\AppData\Local\Temp\360TS_Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\360TS_Setup.exe" /c:"affi.aditmedia.PB" /sc:"gqRjc2lkqzM1ODBfMzM3ODM2o2NpZLg2NTg0YTc5Yz" /pmode:2
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2488

    C:\Program Files (x86)\1703192606_0\360TS_Setup.exe
    "C:\Program Files (x86)\1703192606_0\360TS_Setup.exe" /c:"affi.aditmedia.PB" /sc:"gqRjc2lkqzM1ODBfMzM3ODM2o2NpZLg2NTg0YTc5Yz" /pmode:2 /TSinstall
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Writes to the Master Boot Record (MBR)
    - Suspicious use of SetWindowsHookEx
    PID:3916

Network
-
Remote address:8.8.8.8:53Request83.177.190.20.in-addr.arpaIN PTRResponse
-
DNSst.p.360safe.com360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exeRemote address:8.8.8.8:53Requestst.p.360safe.comIN AResponsest.p.360safe.comIN A54.77.42.29
-
DNSs.360safe.com360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exeRemote address:8.8.8.8:53Requests.360safe.comIN AResponses.360safe.comIN CNAMEs.360safe.com.os-lb.coms.360safe.com.os-lb.comIN A52.29.179.141s.360safe.com.os-lb.comIN A18.184.178.29
-
DNSiup.360safe.com360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exeRemote address:8.8.8.8:53Requestiup.360safe.comIN AResponseiup.360safe.comIN CNAMEiup-qihoo360.cdnvideo.ruiup-qihoo360.cdnvideo.ruIN A151.236.118.237
-
DNStr.p.360safe.com360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exeRemote address:8.8.8.8:53Requesttr.p.360safe.comIN AResponsetr.p.360safe.comIN A54.76.174.118
-
GEThttp://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1060&pid=101&os=10.0&mid=fd6f167662a9e214b9bf98b02672c233&state=153360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exeRemote address:52.29.179.141:80RequestGET /360ts/mini_inst.htm?ver=6.6.0.1060&pid=101&os=10.0&mid=fd6f167662a9e214b9bf98b02672c233&state=153 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: s.360safe.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Date: Thu, 21 Dec 2023 21:02:20 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Fri, 25 May 2018 09:32:19 GMT
Connection: close
Accept-Ranges: bytes
-
GEThttp://iup.360safe.com/iv3/pc/360safe/360TS_Setup_For_Mini_Rel.cab360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exeRemote address:151.236.118.237:80RequestGET /iv3/pc/360safe/360TS_Setup_For_Mini_Rel.cab HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: iup.360safe.com
Connection: Close
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Thu, 21 Dec 2023 21:02:20 GMT
Content-Type: application/octet-stream
Content-Length: 654
Connection: close
Last-Modified: Thu, 21 Dec 2023 10:13:50 GMT
X-CDN-Edge-Cache: HIT
X-CDN-Edge-Id: 311
X-CDN-Request-Id: bab5ff3d5f47bf38c6be79ec11920ed2
Accept-Ranges: bytes
-
Remote address:8.8.8.8:53Request118.174.76.54.in-addr.arpaIN PTRResponse118.174.76.54.in-addr.arpaIN PTRec2-54-76-174-118 eu-west-1compute amazonawscom
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request29.42.77.54.in-addr.arpaIN PTRResponse29.42.77.54.in-addr.arpaIN PTRec2-54-77-42-29 eu-west-1compute amazonawscom
-
Remote address:8.8.8.8:53Request237.118.236.151.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request141.179.29.52.in-addr.arpaIN PTRResponse141.179.29.52.in-addr.arpaIN PTRec2-52-29-179-141eu-central-1compute amazonawscom
-
Remote address:8.8.8.8:53Request209.178.17.96.in-addr.arpaIN PTRResponse209.178.17.96.in-addr.arpaIN PTRa96-17-178-209deploystaticakamaitechnologiescom
-
GEThttp://s.360safe.com/safei18n/dimana.htm?lr=1&mid=fd6f167662a9e214b9bf98b02672c233&mod=360Installer.exe&ph=02a8342074eb25c8adb2d135e2bab7e5&p2p=1&t_id=360TS_Setup_For_Mini.cab&tads=654&tdl=654&tds=654&terr=0&tes=Status|1,ErrorCode|0,DnCount|6,HttpNum|1,DnFailCount|6,FStatus|1,P2SS|654,P2PS|0,PDMode|2&tfl=654&tp=t&tst=1&ttdl=654&ttm=1000&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exeRemote address:52.29.179.141:80RequestGET /safei18n/dimana.htm?lr=1&mid=fd6f167662a9e214b9bf98b02672c233&mod=360Installer.exe&ph=02a8342074eb25c8adb2d135e2bab7e5&p2p=1&t_id=360TS_Setup_For_Mini.cab&tads=654&tdl=654&tds=654&terr=0&tes=Status|1,ErrorCode|0,DnCount|6,HttpNum|1,DnFailCount|6,FStatus|1,P2SS|654,P2PS|0,PDMode|2&tfl=654&tp=t&tst=1&ttdl=654&ttm=1000&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: s.360safe.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Date: Thu, 21 Dec 2023 21:02:21 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Fri, 25 May 2018 09:31:45 GMT
Connection: close
Accept-Ranges: bytes
-
DNSint.down.360safe.com360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exeRemote address:8.8.8.8:53Requestint.down.360safe.comIN AResponseint.down.360safe.comIN CNAMEint-qihoo360.cdnvideo.ruint-qihoo360.cdnvideo.ruIN A151.236.118.237
-
GEThttp://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exeRemote address:151.236.118.237:80RequestGET /totalsecurity/360TS_Setup_11.0.0.1068.exe HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: int.down.360safe.com
Connection: Close
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Thu, 21 Dec 2023 21:02:21 GMT
Content-Type: application/octet-stream
Content-Length: 101171944
Connection: close
Last-Modified: Thu, 21 Dec 2023 10:07:23 GMT
Expires: Thu, 21 Dec 2023 21:01:01 GMT
Cache-Control: max-age=600
X-CDN-Edge-Cache: HIT
X-CDN-Edge-Id: 311
X-CDN-Request-Id: 03b22d0e60f58ef747f0d53e47896d05
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
-
GEThttp://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exeRemote address:151.236.118.237:80RequestGET /totalsecurity/360TS_Setup_11.0.0.1068.exe HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: int.down.360safe.com
Range: bytes=50593792-
Connection: Close
Cache-Control: no-cache
ResponseHTTP/1.1 206 Partial Content
Date: Thu, 21 Dec 2023 21:02:21 GMT
Content-Type: application/octet-stream
Content-Length: 50578152
Connection: close
Last-Modified: Thu, 21 Dec 2023 10:07:23 GMT
Expires: Thu, 21 Dec 2023 21:01:01 GMT
Cache-Control: max-age=600
X-CDN-Edge-Cache: HIT
X-CDN-Edge-Id: 311
X-CDN-Request-Id: d945c52d1406d3d71d0d535e6e97abad
Access-Control-Allow-Origin: *
Content-Range: bytes 50593792-101171943/101171944
-
GEThttp://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exeRemote address:151.236.118.237:80RequestGET /totalsecurity/360TS_Setup_11.0.0.1068.exe HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: int.down.360safe.com
Range: bytes=25296896-
Connection: Close
Cache-Control: no-cache
ResponseHTTP/1.1 206 Partial Content
Date: Thu, 21 Dec 2023 21:02:21 GMT
Content-Type: application/octet-stream
Content-Length: 75875048
Connection: close
Last-Modified: Thu, 21 Dec 2023 10:07:23 GMT
Expires: Thu, 21 Dec 2023 21:01:01 GMT
Cache-Control: max-age=600
X-CDN-Edge-Cache: HIT
X-CDN-Edge-Id: 311
X-CDN-Request-Id: 5b9807809261ad50cc11269be7d3345c
Access-Control-Allow-Origin: *
Content-Range: bytes 25296896-101171943/101171944
-
GEThttp://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exeRemote address:151.236.118.237:80RequestGET /totalsecurity/360TS_Setup_11.0.0.1068.exe HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: int.down.360safe.com
Range: bytes=75890688-
Connection: Close
Cache-Control: no-cache
ResponseHTTP/1.1 206 Partial Content
Date: Thu, 21 Dec 2023 21:02:21 GMT
Content-Type: application/octet-stream
Content-Length: 25281256
Connection: close
Last-Modified: Thu, 21 Dec 2023 10:07:23 GMT
Expires: Thu, 21 Dec 2023 21:01:01 GMT
Cache-Control: max-age=600
X-CDN-Edge-Cache: HIT
X-CDN-Edge-Id: 311
X-CDN-Request-Id: fde9207996e4a5f4ad34100e6eded3e8
Access-Control-Allow-Origin: *
Content-Range: bytes 75890688-101171943/101171944
-
GEThttp://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exeRemote address:151.236.118.237:80RequestGET /totalsecurity/360TS_Setup_11.0.0.1068.exe HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: int.down.360safe.com
Range: bytes=12648448-
Connection: Close
Cache-Control: no-cache
ResponseHTTP/1.1 206 Partial Content
Date: Thu, 21 Dec 2023 21:02:21 GMT
Content-Type: application/octet-stream
Content-Length: 88523496
Connection: close
Last-Modified: Thu, 21 Dec 2023 10:07:23 GMT
Expires: Thu, 21 Dec 2023 21:01:01 GMT
Cache-Control: max-age=600
X-CDN-Edge-Cache: HIT
X-CDN-Edge-Id: 311
X-CDN-Request-Id: cdf611d8fb6019733a8c425920a1baa4
Access-Control-Allow-Origin: *
Content-Range: bytes 12648448-101171943/101171944
-
Remote address:8.8.8.8:53Request241.154.82.20.in-addr.arpaIN PTRResponse
-
DNSsd.p.360safe.com360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exeRemote address:8.8.8.8:53Requestsd.p.360safe.comIN AResponsesd.p.360safe.comIN CNAMEd29kc70vrlkws4.cloudfront.netd29kc70vrlkws4.cloudfront.netIN A18.154.56.226d29kc70vrlkws4.cloudfront.netIN A18.154.56.104d29kc70vrlkws4.cloudfront.netIN A18.154.56.170d29kc70vrlkws4.cloudfront.netIN A18.154.56.214
-
GEThttp://sd.p.360safe.com/39000C618185CC049B3E36E3750D5252AE25BD25.trt360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exeRemote address:18.154.56.226:80RequestGET /39000C618185CC049B3E36E3750D5252AE25BD25.trt HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: sd.p.360safe.com
Connection: Close
Cache-Control: no-cache
-
Remote address:8.8.8.8:53Request43.58.199.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request176.178.17.96.in-addr.arpaIN PTR
-
DNS360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exeRemote address:151.236.118.237:80ResponseHTTP/1.1 206 Partial Content
Date: Thu, 21 Dec 2023 21:03:22 GMT
Content-Type: application/octet-stream
Content-Length: 89326312
Connection: close
Last-Modified: Thu, 21 Dec 2023 10:06:31 GMT
Expires: Thu, 21 Dec 2023 21:11:02 GMT
Cache-Control: max-age=600
X-CDN-Edge-Cache: HIT
X-CDN-Edge-Id: 311
X-CDN-Request-Id: 3d7e75a9029e7e0151e5ee5641115da0
Access-Control-Allow-Origin: *
Content-Range: bytes 11845632-101171943/101171944
-
Remote address:8.8.8.8:53Responsectldl.windowsupdate.comIN CNAMEwu-bg-shim.trafficmanager.netwu-bg-shim.trafficmanager.netIN CNAMEdownload.windowsupdate.com.edgesuite.netdownload.windowsupdate.com.edgesuite.netIN CNAMEa767.dspw65.akamai.neta767.dspw65.akamai.netIN A96.17.178.181a767.dspw65.akamai.netIN A96.17.178.173a767.dspw65.akamai.netIN A96.17.178.176a767.dspw65.akamai.netIN A96.17.178.189a767.dspw65.akamai.netIN A96.17.178.206a767.dspw65.akamai.netIN A96.17.178.210a767.dspw65.akamai.netIN A96.17.178.179
-
GEThttp://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exeRemote address:151.236.118.237:80RequestGET /totalsecurity/360TS_Setup_11.0.0.1068.exe HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: int.down.360safe.com
Range: bytes=12615680-
Connection: Close
Cache-Control: no-cache
-
DNS360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exeRemote address:151.236.118.237:80ResponseHTTP/1.1 206 Partial Content
Date: Thu, 21 Dec 2023 21:03:24 GMT
Content-Type: application/octet-stream
Content-Length: 35259112
Connection: close
Last-Modified: Thu, 21 Dec 2023 10:06:31 GMT
Expires: Thu, 21 Dec 2023 21:11:02 GMT
Cache-Control: max-age=600
X-CDN-Edge-Cache: HIT
X-CDN-Edge-Id: 311
X-CDN-Request-Id: 2563aa1d4ee15f7c05e2f1d4b96cfa58
Access-Control-Allow-Origin: *
Content-Range: bytes 65912832-101171943/101171944
-
Remote address:8.8.8.8:53Request181.178.17.96.in-addr.arpaIN PTRResponse181.178.17.96.in-addr.arpaIN PTRa96-17-178-181deploystaticakamaitechnologiescom
-
GEThttp://s.360safe.com/safei18n/dimana.htm?lr=1&mid=fd6f167662a9e214b9bf98b02672c233&mod=360Installer.exe&ph=62D5B6A7C4AA1EA5C647B2F5BC234825&p2p=1&t_id=360TS_Setup.exe&tads=1580811&tdl=101171944&tds=1614120&terr=0&tes=Status|1,ErrorCode|0,DnCount|18,HttpNum|14,DnFailCount|17,FStatus|1,P2SS|101171944,P2PS|0,PDMode|3&tfl=101171944&tp=t&tst=1&ttdl=101171944&ttm=64594&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exeRemote address:52.29.179.141:80RequestGET /safei18n/dimana.htm?lr=1&mid=fd6f167662a9e214b9bf98b02672c233&mod=360Installer.exe&ph=62D5B6A7C4AA1EA5C647B2F5BC234825&p2p=1&t_id=360TS_Setup.exe&tads=1580811&tdl=101171944&tds=1614120&terr=0&tes=Status|1,ErrorCode|0,DnCount|18,HttpNum|14,DnFailCount|17,FStatus|1,P2SS|101171944,P2PS|0,PDMode|3&tfl=101171944&tp=t&tst=1&ttdl=101171944&ttm=64594&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: s.360safe.com
Connection: Keep-Alive
-
GEThttp://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1060&pid=101&os=10.0&mid=fd6f167662a9e214b9bf98b02672c233&state=9360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exeRemote address:52.29.179.141:80RequestGET /360ts/mini_inst.htm?ver=6.6.0.1060&pid=101&os=10.0&mid=fd6f167662a9e214b9bf98b02672c233&state=9 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: s.360safe.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Date: Thu, 21 Dec 2023 21:03:28 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Fri, 25 May 2018 09:32:19 GMT
Connection: close
Accept-Ranges: bytes
-
Remote address:8.8.8.8:53Requestorion.ts.360.comIN AResponseorion.ts.360.comIN CNAMEorion.ts.360.com.awsr53.qihucdn.comorion.ts.360.com.awsr53.qihucdn.comIN A82.145.215.156
-
GEThttps://orion.ts.360.com/c?ch=affi.aditmedia.PB&sch=gqRjc2lkqzM1ODBfMzM3ODM2o2NpZLg2NTg0YTc5Yz&ver=11.0.0.1068&lan=en&os=10.0-x64&mid=fd6f167662a9e214b9bf98b02672c233&time=1703192608&checksum=EB1875C5387B555531D69601360TS_Setup.exeRemote address:82.145.215.156:443RequestGET /c?ch=affi.aditmedia.PB&sch=gqRjc2lkqzM1ODBfMzM3ODM2o2NpZLg2NTg0YTc5Yz&ver=11.0.0.1068&lan=en&os=10.0-x64&mid=fd6f167662a9e214b9bf98b02672c233&time=1703192608&checksum=EB1875C5387B555531D69601 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: orion.ts.360.com
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Thu, 21 Dec 2023 21:03:31 GMT
Content-Type: text/plain; charset=utf-8
Connection: keep-alive
content-length: 2
-
GEThttps://orion.ts.360.com/installapp?c=se&ch=affi.aditmedia.PB&sch=gqRjc2lkqzM1ODBfMzM3ODM2o2NpZLg2NTg0YTc5Yz&ver=11.0.0.1068&lan=en&os=10.0-x64&mid=fd6f167662a9e214b9bf98b02672c233&time=1703192609&checksum=17C496567C7AAE2965BFB6C6360TS_Setup.exeRemote address:82.145.215.156:443RequestGET /installapp?c=se&ch=affi.aditmedia.PB&sch=gqRjc2lkqzM1ODBfMzM3ODM2o2NpZLg2NTg0YTc5Yz&ver=11.0.0.1068&lan=en&os=10.0-x64&mid=fd6f167662a9e214b9bf98b02672c233&time=1703192609&checksum=17C496567C7AAE2965BFB6C6 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: orion.ts.360.com
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Thu, 21 Dec 2023 21:03:31 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 35
Connection: keep-alive
X-Orion-Content-Type: orion; version=1.0
-
Remote address:8.8.8.8:53Request23.149.64.172.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request156.215.145.82.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requests.360totalsecurity.comIN AResponses.360totalsecurity.comIN CNAMEq1to4.opams.smartnetwork.twq1to4.opams.smartnetwork.twIN A82.145.213.42q1to4.opams.smartnetwork.twIN A82.145.213.40q1to4.opams.smartnetwork.twIN A82.145.213.43q1to4.opams.smartnetwork.twIN A82.145.213.41
-
Remote address:8.8.8.8:53Requests.360totalsecurity.comIN AResponses.360totalsecurity.comIN CNAMEq1to4.opams.smartnetwork.twq1to4.opams.smartnetwork.twIN A82.145.213.42q1to4.opams.smartnetwork.twIN A82.145.213.40q1to4.opams.smartnetwork.twIN A82.145.213.43q1to4.opams.smartnetwork.twIN A82.145.213.41
-
GEThttp://s.360totalsecurity.com/safei18n/ins_pb.html?mid=fd6f167662a9e214b9bf98b02672c233&m2=3b553e985dae6ec8d6861a66ac8284f2ccb379942b99&ver=&lan=&os=10.0-x64&ch=affi.aditmedia.PB&sch=gqRjc2lkqzM1ODBfMzM3ODM2o2NpZLg2NTg0YTc5Yz&ue=1&ACP=1252&GEOID=244&br=unkn_msedge.exe&promo_opr=0&rule_opr=1¶m_opr=0&tt_opr=141&rr_opr=0x00000001&cerr=0MainDlg747&Percent=0&madt=v1&toat=3EFA4619721D811D37788452360TS_Setup.exeRemote address:82.145.213.42:80RequestGET /safei18n/ins_pb.html?mid=fd6f167662a9e214b9bf98b02672c233&m2=3b553e985dae6ec8d6861a66ac8284f2ccb379942b99&ver=&lan=&os=10.0-x64&ch=affi.aditmedia.PB&sch=gqRjc2lkqzM1ODBfMzM3ODM2o2NpZLg2NTg0YTc5Yz&ue=1&ACP=1252&GEOID=244&br=unkn_msedge.exe&promo_opr=0&rule_opr=1¶m_opr=0&tt_opr=141&rr_opr=0x00000001&cerr=0MainDlg747&Percent=0&madt=v1&toat=3EFA4619721D811D37788452 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: s.360totalsecurity.com
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Date: Thu, 21 Dec 2023 21:06:16 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
-
Remote address:8.8.8.8:53Request42.213.145.82.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request42.213.145.82.in-addr.arpaIN PTRResponse
-
52.29.179.141:80http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1060&pid=101&os=10.0&mid=fd6f167662a9e214b9bf98b02672c233&state=153http360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe599 B 381 B 5 4
HTTP Request
GET http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1060&pid=101&os=10.0&mid=fd6f167662a9e214b9bf98b02672c233&state=153HTTP Response
200 -
151.236.118.237:80http://iup.360safe.com/iv3/pc/360safe/360TS_Setup_For_Mini_Rel.cabhttp360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe440 B 1.1kB 5 4
HTTP Request
GET http://iup.360safe.com/iv3/pc/360safe/360TS_Setup_For_Mini_Rel.cabHTTP Response
200 -
151.236.118.237:80iup.360safe.com360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe144 B 52 B 3 1
-
151.236.118.237:80iup.360safe.com360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe144 B 52 B 3 1
-
151.236.118.237:80iup.360safe.com360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe144 B 52 B 3 1
-
151.236.118.237:80iup.360safe.com360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe144 B 52 B 3 1
-
151.236.118.237:80iup.360safe.com360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe144 B 52 B 3 1
-
52.29.179.141:80http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=fd6f167662a9e214b9bf98b02672c233&mod=360Installer.exe&ph=02a8342074eb25c8adb2d135e2bab7e5&p2p=1&t_id=360TS_Setup_For_Mini.cab&tads=654&tdl=654&tds=654&terr=0&tes=Status|1,ErrorCode|0,DnCount|6,HttpNum|1,DnFailCount|6,FStatus|1,P2SS|654,P2PS|0,PDMode|2&tfl=654&tp=t&tst=1&ttdl=654&ttm=1000&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TShttp360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe871 B 381 B 5 4
HTTP Request
GET http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=fd6f167662a9e214b9bf98b02672c233&mod=360Installer.exe&ph=02a8342074eb25c8adb2d135e2bab7e5&p2p=1&t_id=360TS_Setup_For_Mini.cab&tads=654&tdl=654&tds=654&terr=0&tes=Status|1,ErrorCode|0,DnCount|6,HttpNum|1,DnFailCount|6,FStatus|1,P2SS|654,P2PS|0,PDMode|2&tfl=654&tp=t&tst=1&ttdl=654&ttm=1000&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TSHTTP Response
200 -
151.236.118.237:80http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exehttp360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe22.0kB 1.2MB 473 937
HTTP Request
GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exeHTTP Response
200 -
151.236.118.237:80http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exehttp360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe25.1kB 1.3MB 541 1068
HTTP Request
GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exeHTTP Response
206 -
151.236.118.237:80http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exehttp360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe35.8kB 2.0MB 773 1535
HTTP Request
GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exeHTTP Response
206 -
151.236.118.237:80http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exehttp360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe41.0kB 2.3MB 887 1816
HTTP Request
GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exeHTTP Response
206 -
151.236.118.237:80http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exehttp360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe14.4kB 748.2kB 307 585
HTTP Request
GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exeHTTP Response
206 -
151.236.118.237:80int.down.360safe.com360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe17.0kB 1.0MB 370 770
-
18.154.56.226:80http://sd.p.360safe.com/39000C618185CC049B3E36E3750D5252AE25BD25.trthttp360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe350 B 92 B 3 2
HTTP Request
GET http://sd.p.360safe.com/39000C618185CC049B3E36E3750D5252AE25BD25.trt -
151.236.118.237:80int.down.360safe.com360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe10.3kB 588.0kB 225 461
-
276 B 240 B 6 6
-
151.236.118.237:80int.down.360safe.com360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe3.7kB 197.6kB 81 159
-
151.236.118.237:80int.down.360safe.comhttp360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe2.2kB 130.3kB 48 95
HTTP Response
206 -
151.236.118.237:80int.down.360safe.com360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe1.2kB 68.4kB 26 53
-
151.236.118.237:80int.down.360safe.com360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe1.3kB 65.9kB 29 54
-
151.236.118.237:80http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exehttp360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe421 B 92 B 4 2
HTTP Request
GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe -
MITRE ATT&CK Enterprise v15
Downloads