Analysis

  • max time kernel
    237s
  • max time network
    239s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21-12-2023 21:01

General

  • Target

    360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe

  • Size

    1.4MB

  • MD5

    31fee2c73b8d2a8ec979775cd5f5ced7

  • SHA1

    39182a68bc0c1c07d3ddc47cd69fe3692dbac834

  • SHA256

    d26a7f2d4f3521827201e6cdcd296f132c7d18c3a1ce70c24b423300cff326fe

  • SHA512

    db51b602a8675641bc3a0a980a197243787ed12f5e0619cb1d390c91193d7e3447e3e86e2321c3ea273c6732b356003a249241d7d8a5699931810e5a35d5c650

  • SSDEEP

    24576:kL/7n6lbcC8oblv1zj1SqdAGFQZIxvC45UJoe1Z:E6+C8o5tzjYq+ZIxL5UJoeL

Malware Config

Signatures

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    "C:\Users\Admin\AppData\Local\Temp\360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4712
    • C:\Users\Admin\AppData\Local\Temp\360TS_Setup.exe
      "C:\Users\Admin\AppData\Local\Temp\360TS_Setup.exe" /c:"affi.aditmedia.PB" /sc:"gqRjc2lkqzM1ODBfMzM3ODM2o2NpZLg2NTg0YTc5Yz" /pmode:2
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2488
      • C:\Program Files (x86)\1703192606_0\360TS_Setup.exe
        "C:\Program Files (x86)\1703192606_0\360TS_Setup.exe" /c:"affi.aditmedia.PB" /sc:"gqRjc2lkqzM1ODBfMzM3ODM2o2NpZLg2NTg0YTc5Yz" /pmode:2 /TSinstall
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Loads dropped DLL
        • Writes to the Master Boot Record (MBR)
        • Suspicious use of SetWindowsHookEx
        PID:3916

Network

  • flag-us
    DNS
    83.177.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    83.177.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    st.p.360safe.com
    360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    Remote address:
    8.8.8.8:53
    Request
    st.p.360safe.com
    IN A
    Response
    st.p.360safe.com
    IN A
    54.77.42.29
  • flag-us
    DNS
    s.360safe.com
    360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    Remote address:
    8.8.8.8:53
    Request
    s.360safe.com
    IN A
    Response
    s.360safe.com
    IN CNAME
    s.360safe.com.os-lb.com
    s.360safe.com.os-lb.com
    IN A
    52.29.179.141
    s.360safe.com.os-lb.com
    IN A
    18.184.178.29
  • flag-us
    DNS
    iup.360safe.com
    360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    Remote address:
    8.8.8.8:53
    Request
    iup.360safe.com
    IN A
    Response
    iup.360safe.com
    IN CNAME
    iup-qihoo360.cdnvideo.ru
    iup-qihoo360.cdnvideo.ru
    IN A
    151.236.118.237
  • flag-us
    DNS
    tr.p.360safe.com
    360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    Remote address:
    8.8.8.8:53
    Request
    tr.p.360safe.com
    IN A
    Response
    tr.p.360safe.com
    IN A
    54.76.174.118
  • flag-de
    GET
    http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1060&pid=101&os=10.0&mid=fd6f167662a9e214b9bf98b02672c233&state=153
    360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    Remote address:
    52.29.179.141:80
    Request
    GET /360ts/mini_inst.htm?ver=6.6.0.1060&pid=101&os=10.0&mid=fd6f167662a9e214b9bf98b02672c233&state=153 HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: s.360safe.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.0.12
    Date: Thu, 21 Dec 2023 21:02:20 GMT
    Content-Type: text/html
    Content-Length: 0
    Last-Modified: Fri, 25 May 2018 09:32:19 GMT
    Connection: close
    Accept-Ranges: bytes
  • flag-de
    GET
    http://iup.360safe.com/iv3/pc/360safe/360TS_Setup_For_Mini_Rel.cab
    360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    Remote address:
    151.236.118.237:80
    Request
    GET /iv3/pc/360safe/360TS_Setup_For_Mini_Rel.cab HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: iup.360safe.com
    Connection: Close
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 21 Dec 2023 21:02:20 GMT
    Content-Type: application/octet-stream
    Content-Length: 654
    Connection: close
    Last-Modified: Thu, 21 Dec 2023 10:13:50 GMT
    X-CDN-Edge-Cache: HIT
    X-CDN-Edge-Id: 311
    X-CDN-Request-Id: bab5ff3d5f47bf38c6be79ec11920ed2
    Accept-Ranges: bytes
  • flag-us
    DNS
    118.174.76.54.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    118.174.76.54.in-addr.arpa
    IN PTR
    Response
    118.174.76.54.in-addr.arpa
    IN PTR
    ec2-54-76-174-118.eu-west-1.compute.amazonaws.com
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    29.42.77.54.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    29.42.77.54.in-addr.arpa
    IN PTR
    Response
    29.42.77.54.in-addr.arpa
    IN PTR
    ec2-54-77-42-29.eu-west-1.compute.amazonaws.com
  • flag-us
    DNS
    237.118.236.151.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.118.236.151.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    141.179.29.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    141.179.29.52.in-addr.arpa
    IN PTR
    Response
    141.179.29.52.in-addr.arpa
    IN PTR
    ec2-52-29-179-141.eu-central-1.compute.amazonaws.com
  • flag-us
    DNS
    209.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    209.178.17.96.in-addr.arpa
    IN PTR
    Response
    209.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-209.deploy.static.akamaitechnologies.com
  • flag-de
    GET
    http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=fd6f167662a9e214b9bf98b02672c233&mod=360Installer.exe&ph=02a8342074eb25c8adb2d135e2bab7e5&p2p=1&t_id=360TS_Setup_For_Mini.cab&tads=654&tdl=654&tds=654&terr=0&tes=Status|1,ErrorCode|0,DnCount|6,HttpNum|1,DnFailCount|6,FStatus|1,P2SS|654,P2PS|0,PDMode|2&tfl=654&tp=t&tst=1&ttdl=654&ttm=1000&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS
    360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    Remote address:
    52.29.179.141:80
    Request
    GET /safei18n/dimana.htm?lr=1&mid=fd6f167662a9e214b9bf98b02672c233&mod=360Installer.exe&ph=02a8342074eb25c8adb2d135e2bab7e5&p2p=1&t_id=360TS_Setup_For_Mini.cab&tads=654&tdl=654&tds=654&terr=0&tes=Status|1,ErrorCode|0,DnCount|6,HttpNum|1,DnFailCount|6,FStatus|1,P2SS|654,P2PS|0,PDMode|2&tfl=654&tp=t&tst=1&ttdl=654&ttm=1000&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: s.360safe.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.0.12
    Date: Thu, 21 Dec 2023 21:02:21 GMT
    Content-Type: text/html
    Content-Length: 0
    Last-Modified: Fri, 25 May 2018 09:31:45 GMT
    Connection: close
    Accept-Ranges: bytes
  • flag-us
    DNS
    int.down.360safe.com
    360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    Remote address:
    8.8.8.8:53
    Request
    int.down.360safe.com
    IN A
    Response
    int.down.360safe.com
    IN CNAME
    int-qihoo360.cdnvideo.ru
    int-qihoo360.cdnvideo.ru
    IN A
    151.236.118.237
  • flag-de
    GET
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe
    360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    Remote address:
    151.236.118.237:80
    Request
    GET /totalsecurity/360TS_Setup_11.0.0.1068.exe HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: int.down.360safe.com
    Connection: Close
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 21 Dec 2023 21:02:21 GMT
    Content-Type: application/octet-stream
    Content-Length: 101171944
    Connection: close
    Last-Modified: Thu, 21 Dec 2023 10:07:23 GMT
    Expires: Thu, 21 Dec 2023 21:01:01 GMT
    Cache-Control: max-age=600
    X-CDN-Edge-Cache: HIT
    X-CDN-Edge-Id: 311
    X-CDN-Request-Id: 03b22d0e60f58ef747f0d53e47896d05
    Access-Control-Allow-Origin: *
    Accept-Ranges: bytes
  • flag-de
    GET
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe
    360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    Remote address:
    151.236.118.237:80
    Request
    GET /totalsecurity/360TS_Setup_11.0.0.1068.exe HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: int.down.360safe.com
    Range: bytes=50593792-
    Connection: Close
    Cache-Control: no-cache
    Response
    HTTP/1.1 206 Partial Content
    Server: nginx
    Date: Thu, 21 Dec 2023 21:02:21 GMT
    Content-Type: application/octet-stream
    Content-Length: 50578152
    Connection: close
    Last-Modified: Thu, 21 Dec 2023 10:07:23 GMT
    Expires: Thu, 21 Dec 2023 21:01:01 GMT
    Cache-Control: max-age=600
    X-CDN-Edge-Cache: HIT
    X-CDN-Edge-Id: 311
    X-CDN-Request-Id: d945c52d1406d3d71d0d535e6e97abad
    Access-Control-Allow-Origin: *
    Content-Range: bytes 50593792-101171943/101171944
  • flag-de
    GET
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe
    360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    Remote address:
    151.236.118.237:80
    Request
    GET /totalsecurity/360TS_Setup_11.0.0.1068.exe HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: int.down.360safe.com
    Range: bytes=25296896-
    Connection: Close
    Cache-Control: no-cache
    Response
    HTTP/1.1 206 Partial Content
    Server: nginx
    Date: Thu, 21 Dec 2023 21:02:21 GMT
    Content-Type: application/octet-stream
    Content-Length: 75875048
    Connection: close
    Last-Modified: Thu, 21 Dec 2023 10:07:23 GMT
    Expires: Thu, 21 Dec 2023 21:01:01 GMT
    Cache-Control: max-age=600
    X-CDN-Edge-Cache: HIT
    X-CDN-Edge-Id: 311
    X-CDN-Request-Id: 5b9807809261ad50cc11269be7d3345c
    Access-Control-Allow-Origin: *
    Content-Range: bytes 25296896-101171943/101171944
  • flag-de
    GET
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe
    360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    Remote address:
    151.236.118.237:80
    Request
    GET /totalsecurity/360TS_Setup_11.0.0.1068.exe HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: int.down.360safe.com
    Range: bytes=75890688-
    Connection: Close
    Cache-Control: no-cache
    Response
    HTTP/1.1 206 Partial Content
    Server: nginx
    Date: Thu, 21 Dec 2023 21:02:21 GMT
    Content-Type: application/octet-stream
    Content-Length: 25281256
    Connection: close
    Last-Modified: Thu, 21 Dec 2023 10:07:23 GMT
    Expires: Thu, 21 Dec 2023 21:01:01 GMT
    Cache-Control: max-age=600
    X-CDN-Edge-Cache: HIT
    X-CDN-Edge-Id: 311
    X-CDN-Request-Id: fde9207996e4a5f4ad34100e6eded3e8
    Access-Control-Allow-Origin: *
    Content-Range: bytes 75890688-101171943/101171944
  • flag-de
    GET
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe
    360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    Remote address:
    151.236.118.237:80
    Request
    GET /totalsecurity/360TS_Setup_11.0.0.1068.exe HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: int.down.360safe.com
    Range: bytes=12648448-
    Connection: Close
    Cache-Control: no-cache
    Response
    HTTP/1.1 206 Partial Content
    Server: nginx
    Date: Thu, 21 Dec 2023 21:02:21 GMT
    Content-Type: application/octet-stream
    Content-Length: 88523496
    Connection: close
    Last-Modified: Thu, 21 Dec 2023 10:07:23 GMT
    Expires: Thu, 21 Dec 2023 21:01:01 GMT
    Cache-Control: max-age=600
    X-CDN-Edge-Cache: HIT
    X-CDN-Edge-Id: 311
    X-CDN-Request-Id: cdf611d8fb6019733a8c425920a1baa4
    Access-Control-Allow-Origin: *
    Content-Range: bytes 12648448-101171943/101171944
  • flag-us
    DNS
    241.154.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.154.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    sd.p.360safe.com
    360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    Remote address:
    8.8.8.8:53
    Request
    sd.p.360safe.com
    IN A
    Response
    sd.p.360safe.com
    IN CNAME
    d29kc70vrlkws4.cloudfront.net
    d29kc70vrlkws4.cloudfront.net
    IN A
    18.154.56.226
    d29kc70vrlkws4.cloudfront.net
    IN A
    18.154.56.104
    d29kc70vrlkws4.cloudfront.net
    IN A
    18.154.56.170
    d29kc70vrlkws4.cloudfront.net
    IN A
    18.154.56.214
  • flag-us
    GET
    http://sd.p.360safe.com/39000C618185CC049B3E36E3750D5252AE25BD25.trt
    360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    Remote address:
    18.154.56.226:80
    Request
    GET /39000C618185CC049B3E36E3750D5252AE25BD25.trt HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: sd.p.360safe.com
    Connection: Close
    Cache-Control: no-cache
  • flag-us
    DNS
    43.58.199.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.58.199.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    176.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    176.178.17.96.in-addr.arpa
    IN PTR
  • flag-de
    DNS
    360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    Remote address:
    151.236.118.237:80
    Response
    HTTP/1.1 206 Partial Content
    Server: nginx
    Date: Thu, 21 Dec 2023 21:03:22 GMT
    Content-Type: application/octet-stream
    Content-Length: 89326312
    Connection: close
    Last-Modified: Thu, 21 Dec 2023 10:06:31 GMT
    Expires: Thu, 21 Dec 2023 21:11:02 GMT
    Cache-Control: max-age=600
    X-CDN-Edge-Cache: HIT
    X-CDN-Edge-Id: 311
    X-CDN-Request-Id: 3d7e75a9029e7e0151e5ee5641115da0
    Access-Control-Allow-Origin: *
    Content-Range: bytes 11845632-101171943/101171944
  • flag-us
    DNS
    Remote address:
    8.8.8.8:53
    Response
    ctldl.windowsupdate.com
    IN CNAME
    wu-bg-shim.trafficmanager.net
    wu-bg-shim.trafficmanager.net
    IN CNAME
    download.windowsupdate.com.edgesuite.net
    download.windowsupdate.com.edgesuite.net
    IN CNAME
    a767.dspw65.akamai.net
    a767.dspw65.akamai.net
    IN A
    96.17.178.181
    a767.dspw65.akamai.net
    IN A
    96.17.178.173
    a767.dspw65.akamai.net
    IN A
    96.17.178.176
    a767.dspw65.akamai.net
    IN A
    96.17.178.189
    a767.dspw65.akamai.net
    IN A
    96.17.178.206
    a767.dspw65.akamai.net
    IN A
    96.17.178.210
    a767.dspw65.akamai.net
    IN A
    96.17.178.179
  • flag-de
    GET
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe
    360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    Remote address:
    151.236.118.237:80
    Request
    GET /totalsecurity/360TS_Setup_11.0.0.1068.exe HTTP/1.1
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: int.down.360safe.com
    Range: bytes=12615680-
    Connection: Close
    Cache-Control: no-cache
  • flag-de
    DNS
    360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    Remote address:
    151.236.118.237:80
    Response
    HTTP/1.1 206 Partial Content
    Server: nginx
    Date: Thu, 21 Dec 2023 21:03:24 GMT
    Content-Type: application/octet-stream
    Content-Length: 35259112
    Connection: close
    Last-Modified: Thu, 21 Dec 2023 10:06:31 GMT
    Expires: Thu, 21 Dec 2023 21:11:02 GMT
    Cache-Control: max-age=600
    X-CDN-Edge-Cache: HIT
    X-CDN-Edge-Id: 311
    X-CDN-Request-Id: 2563aa1d4ee15f7c05e2f1d4b96cfa58
    Access-Control-Allow-Origin: *
    Content-Range: bytes 65912832-101171943/101171944
  • flag-us
    DNS
    181.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    181.178.17.96.in-addr.arpa
    IN PTR
    Response
    181.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-181.deploy.static.akamaitechnologies.com
  • flag-de
    GET
    http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=fd6f167662a9e214b9bf98b02672c233&mod=360Installer.exe&ph=62D5B6A7C4AA1EA5C647B2F5BC234825&p2p=1&t_id=360TS_Setup.exe&tads=1580811&tdl=101171944&tds=1614120&terr=0&tes=Status|1,ErrorCode|0,DnCount|18,HttpNum|14,DnFailCount|17,FStatus|1,P2SS|101171944,P2PS|0,PDMode|3&tfl=101171944&tp=t&tst=1&ttdl=101171944&ttm=64594&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS
    360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    Remote address:
    52.29.179.141:80
    Request
    GET /safei18n/dimana.htm?lr=1&mid=fd6f167662a9e214b9bf98b02672c233&mod=360Installer.exe&ph=62D5B6A7C4AA1EA5C647B2F5BC234825&p2p=1&t_id=360TS_Setup.exe&tads=1580811&tdl=101171944&tds=1614120&terr=0&tes=Status|1,ErrorCode|0,DnCount|18,HttpNum|14,DnFailCount|17,FStatus|1,P2SS|101171944,P2PS|0,PDMode|3&tfl=101171944&tp=t&tst=1&ttdl=101171944&ttm=64594&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: s.360safe.com
    Connection: Keep-Alive
  • flag-de
    GET
    http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1060&pid=101&os=10.0&mid=fd6f167662a9e214b9bf98b02672c233&state=9
    360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    Remote address:
    52.29.179.141:80
    Request
    GET /360ts/mini_inst.htm?ver=6.6.0.1060&pid=101&os=10.0&mid=fd6f167662a9e214b9bf98b02672c233&state=9 HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: s.360safe.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.0.12
    Date: Thu, 21 Dec 2023 21:03:28 GMT
    Content-Type: text/html
    Content-Length: 0
    Last-Modified: Fri, 25 May 2018 09:32:19 GMT
    Connection: close
    Accept-Ranges: bytes
  • flag-us
    DNS
    orion.ts.360.com
    360TS_Setup.exe
    Remote address:
    8.8.8.8:53
    Request
    orion.ts.360.com
    IN A
    Response
    orion.ts.360.com
    IN CNAME
    orion.ts.360.com.awsr53.qihucdn.com
    orion.ts.360.com.awsr53.qihucdn.com
    IN A
    82.145.215.156
  • flag-nl
    GET
    https://orion.ts.360.com/c?ch=affi.aditmedia.PB&sch=gqRjc2lkqzM1ODBfMzM3ODM2o2NpZLg2NTg0YTc5Yz&ver=11.0.0.1068&lan=en&os=10.0-x64&mid=fd6f167662a9e214b9bf98b02672c233&time=1703192608&checksum=EB1875C5387B555531D69601
    360TS_Setup.exe
    Remote address:
    82.145.215.156:443
    Request
    GET /c?ch=affi.aditmedia.PB&sch=gqRjc2lkqzM1ODBfMzM3ODM2o2NpZLg2NTg0YTc5Yz&ver=11.0.0.1068&lan=en&os=10.0-x64&mid=fd6f167662a9e214b9bf98b02672c233&time=1703192608&checksum=EB1875C5387B555531D69601 HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: orion.ts.360.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 21 Dec 2023 21:03:31 GMT
    Content-Type: text/plain; charset=utf-8
    Connection: keep-alive
    content-length: 2
  • flag-nl
    GET
    https://orion.ts.360.com/installapp?c=se&ch=affi.aditmedia.PB&sch=gqRjc2lkqzM1ODBfMzM3ODM2o2NpZLg2NTg0YTc5Yz&ver=11.0.0.1068&lan=en&os=10.0-x64&mid=fd6f167662a9e214b9bf98b02672c233&time=1703192609&checksum=17C496567C7AAE2965BFB6C6
    360TS_Setup.exe
    Remote address:
    82.145.215.156:443
    Request
    GET /installapp?c=se&ch=affi.aditmedia.PB&sch=gqRjc2lkqzM1ODBfMzM3ODM2o2NpZLg2NTg0YTc5Yz&ver=11.0.0.1068&lan=en&os=10.0-x64&mid=fd6f167662a9e214b9bf98b02672c233&time=1703192609&checksum=17C496567C7AAE2965BFB6C6 HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: orion.ts.360.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 21 Dec 2023 21:03:31 GMT
    Content-Type: application/json; charset=utf-8
    Content-Length: 35
    Connection: keep-alive
    X-Orion-Content-Type: orion; version=1.0
  • flag-us
    DNS
    23.149.64.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.149.64.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    156.215.145.82.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    156.215.145.82.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    s.360totalsecurity.com
    360TS_Setup.exe
    Remote address:
    8.8.8.8:53
    Request
    s.360totalsecurity.com
    IN A
    Response
    s.360totalsecurity.com
    IN CNAME
    q1to4.opams.smartnetwork.tw
    q1to4.opams.smartnetwork.tw
    IN A
    82.145.213.42
    q1to4.opams.smartnetwork.tw
    IN A
    82.145.213.40
    q1to4.opams.smartnetwork.tw
    IN A
    82.145.213.43
    q1to4.opams.smartnetwork.tw
    IN A
    82.145.213.41
  • flag-us
    DNS
    s.360totalsecurity.com
    360TS_Setup.exe
    Remote address:
    8.8.8.8:53
    Request
    s.360totalsecurity.com
    IN A
    Response
    s.360totalsecurity.com
    IN CNAME
    q1to4.opams.smartnetwork.tw
    q1to4.opams.smartnetwork.tw
    IN A
    82.145.213.42
    q1to4.opams.smartnetwork.tw
    IN A
    82.145.213.40
    q1to4.opams.smartnetwork.tw
    IN A
    82.145.213.43
    q1to4.opams.smartnetwork.tw
    IN A
    82.145.213.41
  • flag-nl
    GET
    http://s.360totalsecurity.com/safei18n/ins_pb.html?mid=fd6f167662a9e214b9bf98b02672c233&m2=3b553e985dae6ec8d6861a66ac8284f2ccb379942b99&ver=&lan=&os=10.0-x64&ch=affi.aditmedia.PB&sch=gqRjc2lkqzM1ODBfMzM3ODM2o2NpZLg2NTg0YTc5Yz&ue=1&ACP=1252&GEOID=244&br=unkn_msedge.exe&promo_opr=0&rule_opr=1&param_opr=0&tt_opr=141&rr_opr=0x00000001&cerr=0MainDlg747&Percent=0&madt=v1&toat=3EFA4619721D811D37788452
    360TS_Setup.exe
    Remote address:
    82.145.213.42:80
    Request
    GET /safei18n/ins_pb.html?mid=fd6f167662a9e214b9bf98b02672c233&m2=3b553e985dae6ec8d6861a66ac8284f2ccb379942b99&ver=&lan=&os=10.0-x64&ch=affi.aditmedia.PB&sch=gqRjc2lkqzM1ODBfMzM3ODM2o2NpZLg2NTg0YTc5Yz&ue=1&ACP=1252&GEOID=244&br=unkn_msedge.exe&promo_opr=0&rule_opr=1&param_opr=0&tt_opr=141&rr_opr=0x00000001&cerr=0MainDlg747&Percent=0&madt=v1&toat=3EFA4619721D811D37788452 HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: s.360totalsecurity.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 21 Dec 2023 21:06:16 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 0
    Connection: keep-alive
  • flag-us
    DNS
    42.213.145.82.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    42.213.145.82.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    42.213.145.82.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    42.213.145.82.in-addr.arpa
    IN PTR
    Response
  • 52.29.179.141:80
    http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1060&pid=101&os=10.0&mid=fd6f167662a9e214b9bf98b02672c233&state=153
    http
    360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    599 B
    381 B
    5
    4

    HTTP Request

    GET http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1060&pid=101&os=10.0&mid=fd6f167662a9e214b9bf98b02672c233&state=153

    HTTP Response

    200
  • 151.236.118.237:80
    http://iup.360safe.com/iv3/pc/360safe/360TS_Setup_For_Mini_Rel.cab
    http
    360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    440 B
    1.1kB
    5
    4

    HTTP Request

    GET http://iup.360safe.com/iv3/pc/360safe/360TS_Setup_For_Mini_Rel.cab

    HTTP Response

    200
  • 151.236.118.237:80
    iup.360safe.com
    360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    144 B
    52 B
    3
    1
  • 151.236.118.237:80
    iup.360safe.com
    360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    144 B
    52 B
    3
    1
  • 151.236.118.237:80
    iup.360safe.com
    360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    144 B
    52 B
    3
    1
  • 151.236.118.237:80
    iup.360safe.com
    360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    144 B
    52 B
    3
    1
  • 151.236.118.237:80
    iup.360safe.com
    360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    144 B
    52 B
    3
    1
  • 52.29.179.141:80
    http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=fd6f167662a9e214b9bf98b02672c233&mod=360Installer.exe&ph=02a8342074eb25c8adb2d135e2bab7e5&p2p=1&t_id=360TS_Setup_For_Mini.cab&tads=654&tdl=654&tds=654&terr=0&tes=Status|1,ErrorCode|0,DnCount|6,HttpNum|1,DnFailCount|6,FStatus|1,P2SS|654,P2PS|0,PDMode|2&tfl=654&tp=t&tst=1&ttdl=654&ttm=1000&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS
    http
    360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    871 B
    381 B
    5
    4

    HTTP Request

    GET http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=fd6f167662a9e214b9bf98b02672c233&mod=360Installer.exe&ph=02a8342074eb25c8adb2d135e2bab7e5&p2p=1&t_id=360TS_Setup_For_Mini.cab&tads=654&tdl=654&tds=654&terr=0&tes=Status|1,ErrorCode|0,DnCount|6,HttpNum|1,DnFailCount|6,FStatus|1,P2SS|654,P2PS|0,PDMode|2&tfl=654&tp=t&tst=1&ttdl=654&ttm=1000&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS

    HTTP Response

    200
  • 151.236.118.237:80
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe
    http
    360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    22.0kB
    1.2MB
    473
    937

    HTTP Request

    GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe

    HTTP Response

    200
  • 151.236.118.237:80
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe
    http
    360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    25.1kB
    1.3MB
    541
    1068

    HTTP Request

    GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe

    HTTP Response

    206
  • 151.236.118.237:80
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe
    http
    360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    35.8kB
    2.0MB
    773
    1535

    HTTP Request

    GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe

    HTTP Response

    206
  • 151.236.118.237:80
    http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe
    http
    process: 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    sent 41.0kB / 887 pkts, received 2.3MB / 1816 pkts
    HTTP Request: GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe
    HTTP Response: 206
  • 151.236.118.237:80  http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe  (http)
    process: 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    sent 14.4kB / 307 pkts, received 748.2kB / 585 pkts
    HTTP Request: GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe
    HTTP Response: 206
  • 151.236.118.237:80  int.down.360safe.com
    process: 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    sent 17.0kB / 370 pkts, received 1.0MB / 770 pkts
  • 18.154.56.226:80  http://sd.p.360safe.com/39000C618185CC049B3E36E3750D5252AE25BD25.trt  (http)
    process: 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    sent 350 B / 3 pkts, received 92 B / 2 pkts
    HTTP Request: GET http://sd.p.360safe.com/39000C618185CC049B3E36E3750D5252AE25BD25.trt
  • 151.236.118.237:80  int.down.360safe.com
    process: 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    sent 10.3kB / 225 pkts, received 588.0kB / 461 pkts
  • 23.37.2.11:443
    sent 276 B / 6 pkts, received 240 B / 6 pkts
  • 151.236.118.237:80  int.down.360safe.com
    process: 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    sent 3.7kB / 81 pkts, received 197.6kB / 159 pkts
  • 151.236.118.237:80  int.down.360safe.com  (http)
    process: 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    sent 2.2kB / 48 pkts, received 130.3kB / 95 pkts
    HTTP Response: 206
  • 151.236.118.237:80  int.down.360safe.com
    process: 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    sent 1.2kB / 26 pkts, received 68.4kB / 53 pkts
  • 151.236.118.237:80  int.down.360safe.com
    process: 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    sent 1.3kB / 29 pkts, received 65.9kB / 54 pkts
  • 151.236.118.237:80  http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe  (http)
    process: 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    sent 421 B / 4 pkts, received 92 B / 2 pkts
    HTTP Request: GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe
  • 151.236.118.237:80  int.down.360safe.com
    process: 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    sent 144 B / 3 pkts, received 52 B / 1 pkt
  • 151.236.118.237:80  int.down.360safe.com  (http)
    process: 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    sent 92 B / 2 pkts, received 4.2kB / 3 pkts
    HTTP Response: 206
  • 151.236.118.237:80  int.down.360safe.com
    process: 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    46 B / 1 pkt
  • 151.236.118.237:80  int.down.360safe.com
    process: 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    46 B / 1 pkt
  • 52.29.179.141:80  http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=fd6f167662a9e214b9bf98b02672c233&mod=360Installer.exe&ph=62D5B6A7C4AA1EA5C647B2F5BC234825&p2p=1&t_id=360TS_Setup.exe&tads=1580811&tdl=101171944&tds=1614120&terr=0&tes=Status|1,ErrorCode|0,DnCount|18,HttpNum|14,DnFailCount|17,FStatus|1,P2SS|101171944,P2PS|0,PDMode|3&tfl=101171944&tp=t&tst=1&ttdl=101171944&ttm=64594&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS  (http)
    process: 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    sent 806 B / 3 pkts, received 92 B / 2 pkts
    HTTP Request: GET http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=fd6f167662a9e214b9bf98b02672c233&mod=360Installer.exe&ph=62D5B6A7C4AA1EA5C647B2F5BC234825&p2p=1&t_id=360TS_Setup.exe&tads=1580811&tdl=101171944&tds=1614120&terr=0&tes=Status|1,ErrorCode|0,DnCount|18,HttpNum|14,DnFailCount|17,FStatus|1,P2SS|101171944,P2PS|0,PDMode|3&tfl=101171944&tp=t&tst=1&ttdl=101171944&ttm=64594&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS
  • 52.29.179.141:80  http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1060&pid=101&os=10.0&mid=fd6f167662a9e214b9bf98b02672c233&state=9  (http)
    process: 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    sent 597 B / 5 pkts, received 381 B / 4 pkts
    HTTP Request: GET http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1060&pid=101&os=10.0&mid=fd6f167662a9e214b9bf98b02672c233&state=9
    HTTP Response: 200
  • 204.79.197.203:443
    46 B / 1 pkt
  • 82.145.215.156:443  https://orion.ts.360.com/installapp?c=se&ch=affi.aditmedia.PB&sch=gqRjc2lkqzM1ODBfMzM3ODM2o2NpZLg2NTg0YTc5Yz&ver=11.0.0.1068&lan=en&os=10.0-x64&mid=fd6f167662a9e214b9bf98b02672c233&time=1703192609&checksum=17C496567C7AAE2965BFB6C6  (tls, http)
    process: 360TS_Setup.exe
    sent 2.1kB / 23 pkts, received 7.1kB / 21 pkts
    HTTP Request: GET https://orion.ts.360.com/c?ch=affi.aditmedia.PB&sch=gqRjc2lkqzM1ODBfMzM3ODM2o2NpZLg2NTg0YTc5Yz&ver=11.0.0.1068&lan=en&os=10.0-x64&mid=fd6f167662a9e214b9bf98b02672c233&time=1703192608&checksum=EB1875C5387B555531D69601
    HTTP Response: 200
    HTTP Request: GET https://orion.ts.360.com/installapp?c=se&ch=affi.aditmedia.PB&sch=gqRjc2lkqzM1ODBfMzM3ODM2o2NpZLg2NTg0YTc5Yz&ver=11.0.0.1068&lan=en&os=10.0-x64&mid=fd6f167662a9e214b9bf98b02672c233&time=1703192609&checksum=17C496567C7AAE2965BFB6C6
    HTTP Response: 200
  • 20.123.104.105:443
  • 20.123.104.105:443
  • 52.142.223.178:80
  • 52.165.165.26:443
  • 20.242.39.171:443
  • 52.165.165.26:443
  • 52.165.165.26:443
  • 104.77.160.23:80
  • 151.236.118.237:80
    process: 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
  • 82.145.213.42:80  http://s.360totalsecurity.com/safei18n/ins_pb.html?mid=fd6f167662a9e214b9bf98b02672c233&m2=3b553e985dae6ec8d6861a66ac8284f2ccb379942b99&ver=&lan=&os=10.0-x64&ch=affi.aditmedia.PB&sch=gqRjc2lkqzM1ODBfMzM3ODM2o2NpZLg2NTg0YTc5Yz&ue=1&ACP=1252&GEOID=244&br=unkn_msedge.exe&promo_opr=0&rule_opr=1&param_opr=0&tt_opr=141&rr_opr=0x00000001&cerr=0MainDlg747&Percent=0&madt=v1&toat=3EFA4619721D811D37788452  (http)
    process: 360TS_Setup.exe
    sent 739 B / 5 pkts, received 286 B / 3 pkts
    HTTP Request: GET http://s.360totalsecurity.com/safei18n/ins_pb.html?mid=fd6f167662a9e214b9bf98b02672c233&m2=3b553e985dae6ec8d6861a66ac8284f2ccb379942b99&ver=&lan=&os=10.0-x64&ch=affi.aditmedia.PB&sch=gqRjc2lkqzM1ODBfMzM3ODM2o2NpZLg2NTg0YTc5Yz&ue=1&ACP=1252&GEOID=244&br=unkn_msedge.exe&promo_opr=0&rule_opr=1&param_opr=0&tt_opr=141&rr_opr=0x00000001&cerr=0MainDlg747&Percent=0&madt=v1&toat=3EFA4619721D811D37788452
    HTTP Response: 200
  • 8.8.8.8:53  83.177.190.20.in-addr.arpa  (dns)
    sent 72 B / 1 pkt, received 158 B / 1 pkt
    DNS Request: 83.177.190.20.in-addr.arpa
  • 8.8.8.8:53  st.p.360safe.com  (dns)
    process: 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    sent 62 B / 1 pkt, received 78 B / 1 pkt
    DNS Request: st.p.360safe.com
    DNS Response: 54.77.42.29
  • 224.0.0.251:5353
    56 B / 1 pkt
  • 8.8.8.8:53  s.360safe.com  (dns)
    process: 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    sent 59 B / 1 pkt, received 125 B / 1 pkt
    DNS Request: s.360safe.com
    DNS Response: 52.29.179.141, 18.184.178.29
  • 8.8.8.8:53  iup.360safe.com  (dns)
    process: 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    sent 61 B / 1 pkt, received 115 B / 1 pkt
    DNS Request: iup.360safe.com
    DNS Response: 151.236.118.237
  • 8.8.8.8:53  tr.p.360safe.com  (dns)
    process: 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    sent 62 B / 1 pkt, received 78 B / 1 pkt
    DNS Request: tr.p.360safe.com
    DNS Response: 54.76.174.118
  • 54.76.174.118:80  tr.p.360safe.com  (http)
    process: 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    324 B / 4 pkts
  • 54.77.42.29:3478  st.p.360safe.com
    process: 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    392 B / 7 pkts
  • 54.77.42.29:3478  st.p.360safe.com
    process: 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    784 B / 14 pkts
  • 8.8.8.8:53  118.174.76.54.in-addr.arpa  (dns)
    sent 72 B / 1 pkt, received 135 B / 1 pkt
    DNS Request: 118.174.76.54.in-addr.arpa
  • 8.8.8.8:53  95.221.229.192.in-addr.arpa  (dns)
    sent 73 B / 1 pkt, received 144 B / 1 pkt
    DNS Request: 95.221.229.192.in-addr.arpa
  • 8.8.8.8:53  29.42.77.54.in-addr.arpa  (dns)
    sent 70 B / 1 pkt, received 131 B / 1 pkt
    DNS Request: 29.42.77.54.in-addr.arpa
  • 8.8.8.8:53  237.118.236.151.in-addr.arpa  (dns)
    sent 74 B / 1 pkt, received 134 B / 1 pkt
    DNS Request: 237.118.236.151.in-addr.arpa
  • 8.8.8.8:53  141.179.29.52.in-addr.arpa  (dns)
    sent 72 B / 1 pkt, received 138 B / 1 pkt
    DNS Request: 141.179.29.52.in-addr.arpa
  • 8.8.8.8:53  209.178.17.96.in-addr.arpa  (dns)
    sent 72 B / 1 pkt, received 137 B / 1 pkt
    DNS Request: 209.178.17.96.in-addr.arpa
  • 8.8.8.8:53  int.down.360safe.com  (dns)
    process: 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    sent 66 B / 1 pkt, received 120 B / 1 pkt
    DNS Request: int.down.360safe.com
    DNS Response: 151.236.118.237
  • 8.8.8.8:53  241.154.82.20.in-addr.arpa  (dns)
    sent 72 B / 1 pkt, received 158 B / 1 pkt
    DNS Request: 241.154.82.20.in-addr.arpa
  • 8.8.8.8:53  sd.p.360safe.com  (dns)
    process: 360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtxek0xT0RCZk16TTNPRE0ybzJOcFpMZzJOVGcwWVRjNVl6.exe
    sent 62 B / 1 pkt, received 169 B / 1 pkt
    DNS Request: sd.p.360safe.com
    DNS Response: 18.154.56.226, 18.154.56.104, 18.154.56.170, 18.154.56.214
  • 8.8.8.8:53  43.58.199.20.in-addr.arpa  (dns)
    sent 71 B / 1 pkt, received 157 B / 1 pkt
    DNS Request: 43.58.199.20.in-addr.arpa
  • 8.8.8.8:53  176.178.17.96.in-addr.arpa  (dns)
    72 B / 1 pkt
    DNS Request: 176.178.17.96.in-addr.arpa
  • 8.8.8.8:53  (dns)
    308 B / 1 pkt
    DNS Response: 96.17.178.181, 96.17.178.173, 96.17.178.176, 96.17.178.189, 96.17.178.206, 96.17.178.210, 96.17.178.179
  • 8.8.8.8:53  181.178.17.96.in-addr.arpa  (dns)
    sent 72 B / 1 pkt, received 137 B / 1 pkt
    DNS Request: 181.178.17.96.in-addr.arpa
  • 8.8.8.8:53  orion.ts.360.com  (dns)
    process: 360TS_Setup.exe
    sent 62 B / 1 pkt, received 124 B / 1 pkt
    DNS Request: orion.ts.360.com
    DNS Response: 82.145.215.156
  • 8.8.8.8:53  23.149.64.172.in-addr.arpa  (dns)
    sent 72 B / 1 pkt, received 134 B / 1 pkt
    DNS Request: 23.149.64.172.in-addr.arpa
  • 8.8.8.8:53  156.215.145.82.in-addr.arpa  (dns)
    sent 73 B / 1 pkt, received 134 B / 1 pkt
    DNS Request: 156.215.145.82.in-addr.arpa
  • 8.8.8.8:53  (13 further connections with no recorded details)
  • 8.8.8.8:53  s.360totalsecurity.com  (dns)
    process: 360TS_Setup.exe
    sent 136 B / 2 pkts, received 346 B / 2 pkts
    DNS Request: s.360totalsecurity.com
    DNS Request: s.360totalsecurity.com
    DNS Response: 82.145.213.42, 82.145.213.40, 82.145.213.43, 82.145.213.41
    DNS Response: 82.145.213.42, 82.145.213.40, 82.145.213.43, 82.145.213.41
  • 8.8.8.8:53  42.213.145.82.in-addr.arpa  (dns)
    sent 144 B / 2 pkts, received 266 B / 2 pkts
    DNS Request: 42.213.145.82.in-addr.arpa
    DNS Request: 42.213.145.82.in-addr.arpa
MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\1703192606_0\360TS_Setup.exe  (209KB)
    MD5     88f2e821f4c4474b25cb88bdac8c82a2
    SHA1    cde0c78af4e071547eb69d9e7144318aa2604ec3
    SHA256  a62227e79da098fbe3a4c6f666660b47dd0ce11101d20c881acbedc423501cc2
    SHA512  0a8092146216f61e1bc59fe6120dc121249f6831606018089cc7e01581b2b22b4ba3b7fca280c63b15679bce22a7da7bf2f81fb1c0cb2348d551c647bef2f1bb
  • C:\Program Files (x86)\1703192606_0\360TS_Setup.exe  (280KB)
    MD5     548ccdffe9fb17cbb75f51751200e01c
    SHA1    d97fca73ecce4cb4e91d610edc379bd5447ca5f5
    SHA256  86974f919a0893d316661d3f26a191b8c2f72335681f51033c59e5b35a825655
    SHA512  67a1cdc8fc064918ac3d64d17e6ccbc6b7a0ffb3661f9fa83dba98fbb077b83aac2f635a26d9cd9dbc65f6a9f0985909aaf1f80cb2364f0ac679244d4fc3a127
  • C:\Users\Admin\AppData\Local\Temp\!@t44C9.tmp  (654B)
    MD5     e6ed35317329cdaf208d23953b94a532
    SHA1    c28a14e41c58de811fa191bb015971922cd42c1a
    SHA256  9a9f95a8376b94ea79e2461040bef5c53c478e97cd263e0fba6f82077b3d2705
    SHA512  6e3f1cb58592e1bb5be23860d983ed3d7a340f86434321eadd1601a23138b47d3452b0716d5b6b683c1c593e05432a956c6a59682a55edb1daa17fecb55e7bd2
  • C:\Users\Admin\AppData\Local\Temp\!@t44C9.tmp.dir\setup.ini  (830B)
    MD5     5a4cdd6d16dac7d3a056f5b2753ebacd
    SHA1    ad41d1801ab37192750d64f21f6fd24cb7ab57d9
    SHA256  623d9b8fea2a854e05a07ea5421cea2f522d460bb628145d196059a7738dd23c
    SHA512  1a10842a0794a1e6cc0aab4557ce7ed5eea9ab69c88c8053fd9be1e403ed4b0ba0b50989d3c95a9eeee382838e585f8380a4eb6fd9f407ca1bd04eb282501441
  • C:\Users\Admin\AppData\Local\Temp\1703192606_00000000_base\360base.dll  (79KB)
    MD5     7d119b97f878116faaf9a5655de306f9
    SHA1    4a655d85340dfc1049755d971a4c67facd7a8169
    SHA256  6db0a7adb67546d60f85a604e835da0c346bb6ab7f59899372614c1f95c25a66
    SHA512  0edcd8c4be4daf4cdb7daef4df9cbd2b07ea0b135c8a9cd63beee41efb59df2570405c0382b17db8b9345d1a7e686e34e1f4e31f1a0fada509e4ff1111b6fefd
  • C:\Users\Admin\AppData\Local\Temp\1703192606_00000000_base\360base.dll  (205KB)
    MD5     6b94fa8ba2a4e0e2c97fe46549d3d9a7
    SHA1    7b9cef652b364b05599b69a9776e118a10580b46
    SHA256  446bbca5338084fc225accb81509150d9f3374eb5c7ec6e21ba99bd834cf5bec
    SHA512  87d8d02b44f449fe90e3aa145abe4bbe26295e48f2b89fea87e70cfa549fcb0a715d760914f4dcf0ae115e8a313d052586c05dc7fb090c4c00d10917ae57795e
  • C:\Users\Admin\AppData\Local\Temp\1703192608_00000000_base\360base.dll  (199KB)
    MD5     c7c845d6de3b9094d178223563766363
    SHA1    25715cff959d30612db0db8cef70f1bf94e588cc
    SHA256  ba5cb47d6da4ec8f89f7187487adad13df1ea52b3c3dec3d72caa110be1d6eae
    SHA512  d70511b022a290d86563235fda67ba3ff915609add6af3200b4e9ca15829fe46d210aa888d5ead519041b876622aa0b37b4487c7aae5427958214cc9c7dd2cbe
  • C:\Users\Admin\AppData\Local\Temp\360TS_Setup.exe  (464KB)
    MD5     3c1717d4d3f7be6493f26f7b277b67cf
    SHA1    8d006d665d02384c6f55563034d28e010cab2ed0
    SHA256  2239bc1743392552a1a539d70d10eefbe074a8397cdc7166d91a92cb0d06cc75
    SHA512  c7edc3c6dffdbe862c26ee12fc9490d9a5e8eb1bc82d08ccb40516700c1d8e60ac23c6f8d5caf57e0206af0a76bed025fdf185068b51e920615da5c47ef43723
  • C:\Users\Admin\AppData\Local\Temp\360TS_Setup.exe  (190KB)
    MD5     7517247f62bb4f8f0bbb7a7471980295
    SHA1    a43f11e196a61204f52b325fd8b71a352ea351ff
    SHA256  4f067fc8ee0fcd10cf7b051cf64d9d396bfb988c872fc35f9dab55ab01222d38
    SHA512  7e8a2f18f02b1a2e3b98bd27751d554822c588b10518b155e584073f9915522c7a021f1d5bcee9870feeb20cc44c56ea43bb9e754eb6e549866d34429278f348
  • C:\Users\Admin\AppData\Local\Temp\360TS_Setup.exe  (273KB)
    MD5     3b8c6bff1686998b4ff06be6268511e8
    SHA1    fda2aaca5bea8f52a47d0d210aa518fd6dc4b3f1
    SHA256  9c16c4e77fcb84740c9bf89f0b0ccb2e69fa839deec5c45beabdd03d21c2055b
    SHA512  d70647d7d49e1cfbf42e98e876b9bfc8182d29912d1e3b5a537f3b9180bb3d83c4294227f808e2a3acfaa2e7df1f9c301a00be5afdcccdd37837fb8e79e7542d
  • C:\Users\Admin\AppData\Local\Temp\{05F75B0C-92D8-4906-AEA3-0AD97A467F0A}.tmp\360P2SP.dll  (92KB)
    MD5     27be16c318f2da64db835745a8d085bc
    SHA1    23181c03354a919f0f79d607bf35e561a42cdc6f
    SHA256  2c56dafbf7056f7ad5750f844967b90ba9379b2078d35461563c023af4d5a4fc
    SHA512  62e89f1650e99d36683a831d632d9e67ff8b5c8be3480850c65c7a4943e132d75827fabe8a7d6e556878d7a789c602afe2daf1f8bde14a4b3d8f3d38dd8e1c46
  • C:\Users\Admin\AppData\Local\Temp\{05F75B0C-92D8-4906-AEA3-0AD97A467F0A}.tmp\360P2SP.dll  (149KB)
    MD5     caf0ecf9725d944ee3fb2a9ad0c9b7e5
    SHA1    18b9753dc40c49befd2c72c0322fc9ba98908288
    SHA256  b844ab55524ffe669228b8ecc1c2d2fea949f9400bf4c194e1f98bd9537dbae7
    SHA512  2e735e52f8c78ddb0506e9850f847efc274a694904698facfbf21233d0fae803a23dc038efea699d465d3389960b04374a226253ad7d607165dd4a4c6b3e8c67
  • C:\Users\Admin\AppData\Local\Temp\{F6772110-CA6A-41f9-AED8-F63A3273F212}.tmp  (3KB)
    MD5     b1ddd3b1895d9a3013b843b3702ac2bd
    SHA1    71349f5c577a3ae8acb5fbce27b18a203bf04ede
    SHA256  46cda5ad256bf373f5ed0b2a20efa5275c1ffd96864c33f3727e76a3973f4b3c
    SHA512  93e6c10c4a8465bc2e58f4c7eb300860186ddc5734599bcdad130ff9c8fd324443045eac54bbc667b058ac1fa271e5b7645320c6e3fc2f28cc5f824096830de1
  • memory/4712-37-0x0000000003E90000-0x0000000003E91000-memory.dmp  (4KB)
  • memory/4712-13-0x0000000003E90000-0x0000000003E91000-memory.dmp  (4KB)