Analysis

  • max time kernel
    38s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
  • submitted
    01-01-2024 06:53

General

  • Target

    360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe

  • Size

    1.4MB

  • MD5

    31fee2c73b8d2a8ec979775cd5f5ced7

  • SHA1

    39182a68bc0c1c07d3ddc47cd69fe3692dbac834

  • SHA256

    d26a7f2d4f3521827201e6cdcd296f132c7d18c3a1ce70c24b423300cff326fe

  • SHA512

    db51b602a8675641bc3a0a980a197243787ed12f5e0619cb1d390c91193d7e3447e3e86e2321c3ea273c6732b356003a249241d7d8a5699931810e5a35d5c650

  • SSDEEP

    24576:kL/7n6lbcC8oblv1zj1SqdAGFQZIxvC45UJoe1Z:E6+C8o5tzjYq+ZIxL5UJoeL

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Loads dropped DLL 1 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
    "C:\Users\Admin\AppData\Local\Temp\360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe"
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1996
    • C:\Users\Admin\AppData\Local\Temp\360TS_Setup.exe
      "C:\Users\Admin\AppData\Local\Temp\360TS_Setup.exe" /c:"affi.aditmedia.PB" /sc:"gqRjc2lksDkzMF85MDYwYTQxZl81MDOjY2lkuDY1OT" /pmode:2
        PID:5104
        • C:\Program Files (x86)\1704092054_0\360TS_Setup.exe
          "C:\Program Files (x86)\1704092054_0\360TS_Setup.exe" /c:"affi.aditmedia.PB" /sc:"gqRjc2lksDkzMF85MDYwYTQxZl81MDOjY2lkuDY1OT" /pmode:2 /TSinstall
            PID:3096

      Network

      • flag-us
        DNS
        st.p.360safe.com
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        Remote address:
        8.8.8.8:53
        Request
        st.p.360safe.com
        IN A
        Response
        st.p.360safe.com
        IN A
        54.77.42.29
      • flag-us
        DNS
        s.360safe.com
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        Remote address:
        8.8.8.8:53
        Request
        s.360safe.com
        IN A
        Response
        s.360safe.com
        IN CNAME
        s.360safe.com.os-lb.com
        s.360safe.com.os-lb.com
        IN A
        52.29.179.141
        s.360safe.com.os-lb.com
        IN A
        18.184.178.29
      • flag-us
        DNS
        s.360safe.com
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        Remote address:
        8.8.8.8:53
        Request
        s.360safe.com
        IN A
      • flag-us
        DNS
        iup.360safe.com
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        Remote address:
        8.8.8.8:53
        Request
        iup.360safe.com
        IN A
        Response
        iup.360safe.com
        IN CNAME
        iup-qihoo360.cdnvideo.ru
        iup-qihoo360.cdnvideo.ru
        IN A
        151.236.118.237
      • flag-us
        DNS
        tr.p.360safe.com
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        Remote address:
        8.8.8.8:53
        Request
        tr.p.360safe.com
        IN A
        Response
        tr.p.360safe.com
        IN A
        54.76.174.118
      • flag-de
        GET
        http://iup.360safe.com/iv3/pc/360safe/360TS_Setup_For_Mini_Rel.cab
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        Remote address:
        151.236.118.237:80
        Request
        GET /iv3/pc/360safe/360TS_Setup_For_Mini_Rel.cab HTTP/1.1
        Accept: */*
        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
        Host: iup.360safe.com
        Connection: Close
        Cache-Control: no-cache
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Mon, 01 Jan 2024 06:53:36 GMT
        Content-Type: application/octet-stream
        Content-Length: 654
        Connection: close
        Last-Modified: Thu, 21 Dec 2023 10:13:50 GMT
        X-CDN-Edge-Cache: HIT
        X-CDN-Edge-Id: 311
        X-CDN-Request-Id: 70c0acf7f6d8d0810958be29c17a835e
        Accept-Ranges: bytes
      • flag-us
        DNS
        29.42.77.54.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        29.42.77.54.in-addr.arpa
        IN PTR
        Response
        29.42.77.54.in-addr.arpa
        IN PTR
        ec2-54-77-42-29.eu-west-1.compute.amazonaws.com
      • flag-us
        DNS
        118.174.76.54.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        118.174.76.54.in-addr.arpa
        IN PTR
        Response
        118.174.76.54.in-addr.arpa
        IN PTR
        ec2-54-76-174-118.eu-west-1.compute.amazonaws.com
      • flag-us
        DNS
        237.118.236.151.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        237.118.236.151.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        71.159.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        71.159.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        2.136.104.51.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        2.136.104.51.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        95.221.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.221.229.192.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        int.down.360safe.com
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        Remote address:
        8.8.8.8:53
        Request
        int.down.360safe.com
        IN A
        Response
        int.down.360safe.com
        IN CNAME
        int-qihoo360.cdnvideo.ru
        int-qihoo360.cdnvideo.ru
        IN A
        151.236.118.237
      • flag-de
        GET
        http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        Remote address:
        151.236.118.237:80
        Request
        GET /totalsecurity/360TS_Setup_11.0.0.1068.exe HTTP/1.1
        Accept: */*
        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
        Host: int.down.360safe.com
        Connection: Close
        Cache-Control: no-cache
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Mon, 01 Jan 2024 06:53:38 GMT
        Content-Type: application/octet-stream
        Content-Length: 101171944
        Connection: close
        Last-Modified: Thu, 21 Dec 2023 10:06:31 GMT
        Expires: Mon, 01 Jan 2024 06:57:11 GMT
        Cache-Control: max-age=600
        X-CDN-Edge-Cache: HIT
        X-CDN-Edge-Id: 311
        X-CDN-Request-Id: 7518072fbe4f4a9fab22b1dc1c10b5dd
        Access-Control-Allow-Origin: *
        Accept-Ranges: bytes
      • flag-de
        GET
        http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        Remote address:
        151.236.118.237:80
        Request
        GET /totalsecurity/360TS_Setup_11.0.0.1068.exe HTTP/1.1
        Accept: */*
        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
        Host: int.down.360safe.com
        Range: bytes=50593792-
        Connection: Close
        Cache-Control: no-cache
        Response
        HTTP/1.1 206 Partial Content
        Server: nginx
        Date: Mon, 01 Jan 2024 06:53:38 GMT
        Content-Type: application/octet-stream
        Content-Length: 50578152
        Connection: close
        Last-Modified: Thu, 21 Dec 2023 10:06:31 GMT
        Expires: Mon, 01 Jan 2024 06:57:11 GMT
        Cache-Control: max-age=600
        X-CDN-Edge-Cache: HIT
        X-CDN-Edge-Id: 311
        X-CDN-Request-Id: c1e397389aa36b8ab3621cdcdde594bb
        Access-Control-Allow-Origin: *
        Content-Range: bytes 50593792-101171943/101171944
      • flag-de
        GET
        http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        Remote address:
        151.236.118.237:80
        Request
        GET /totalsecurity/360TS_Setup_11.0.0.1068.exe HTTP/1.1
        Accept: */*
        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
        Host: int.down.360safe.com
        Range: bytes=25296896-
        Connection: Close
        Cache-Control: no-cache
        Response
        HTTP/1.1 206 Partial Content
        Server: nginx
        Date: Mon, 01 Jan 2024 06:53:38 GMT
        Content-Type: application/octet-stream
        Content-Length: 75875048
        Connection: close
        Last-Modified: Thu, 21 Dec 2023 10:06:31 GMT
        Expires: Mon, 01 Jan 2024 06:57:11 GMT
        Cache-Control: max-age=600
        X-CDN-Edge-Cache: HIT
        X-CDN-Edge-Id: 311
        X-CDN-Request-Id: 698c373533b9d48a37102f0c55687b1c
        Access-Control-Allow-Origin: *
        Content-Range: bytes 25296896-101171943/101171944
      • flag-de
        GET
        http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        Remote address:
        151.236.118.237:80
        Request
        GET /totalsecurity/360TS_Setup_11.0.0.1068.exe HTTP/1.1
        Accept: */*
        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
        Host: int.down.360safe.com
        Range: bytes=75890688-
        Connection: Close
        Cache-Control: no-cache
        Response
        HTTP/1.1 206 Partial Content
        Server: nginx
        Date: Mon, 01 Jan 2024 06:53:38 GMT
        Content-Type: application/octet-stream
        Content-Length: 25281256
        Connection: close
        Last-Modified: Thu, 21 Dec 2023 10:06:31 GMT
        Expires: Mon, 01 Jan 2024 06:57:11 GMT
        Cache-Control: max-age=600
        X-CDN-Edge-Cache: HIT
        X-CDN-Edge-Id: 311
        X-CDN-Request-Id: 06deb1dabb537d5abc8f27c95f6a36bc
        Access-Control-Allow-Origin: *
        Content-Range: bytes 75890688-101171943/101171944
      • flag-de
        GET
        http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        Remote address:
        151.236.118.237:80
        Request
        GET /totalsecurity/360TS_Setup_11.0.0.1068.exe HTTP/1.1
        Accept: */*
        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
        Host: int.down.360safe.com
        Range: bytes=12648448-
        Connection: Close
        Cache-Control: no-cache
        Response
        HTTP/1.1 206 Partial Content
        Server: nginx
        Date: Mon, 01 Jan 2024 06:53:38 GMT
        Content-Type: application/octet-stream
        Content-Length: 88523496
        Connection: close
        Last-Modified: Thu, 21 Dec 2023 10:06:31 GMT
        Expires: Mon, 01 Jan 2024 06:57:11 GMT
        Cache-Control: max-age=600
        X-CDN-Edge-Cache: HIT
        X-CDN-Edge-Id: 311
        X-CDN-Request-Id: 575fd22b61e41c1d4223e7453a1c6a3d
        Access-Control-Allow-Origin: *
        Content-Range: bytes 12648448-101171943/101171944
      • flag-de
        DNS
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        Remote address:
        52.29.179.141:80
        Response
        HTTP/1.1 200 OK
        Server: nginx/1.0.12
        Date: Mon, 01 Jan 2024 06:53:41 GMT
        Content-Type: text/html
        Content-Length: 0
        Last-Modified: Fri, 25 May 2018 09:32:19 GMT
        Connection: close
        Accept-Ranges: bytes
      • flag-de
        GET
        http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=a1cee36a1265f71e4252f0158a2fb1ec&mod=360Installer.exe&ph=02a8342074eb25c8adb2d135e2bab7e5&p2p=1&t_id=360TS_Setup_For_Mini.cab&tads=654&tdl=654&tds=654&terr=0&tes=Status|1,ErrorCode|0,DnCount|1,HttpNum|1,DnFailCount|6,FStatus|1,P2SS|654,P2PS|0,PDMode|2&tfl=654&tp=t&tst=1&ttdl=654&ttm=1000&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        Remote address:
        52.29.179.141:80
        Request
        GET /safei18n/dimana.htm?lr=1&mid=a1cee36a1265f71e4252f0158a2fb1ec&mod=360Installer.exe&ph=02a8342074eb25c8adb2d135e2bab7e5&p2p=1&t_id=360TS_Setup_For_Mini.cab&tads=654&tdl=654&tds=654&terr=0&tes=Status|1,ErrorCode|0,DnCount|1,HttpNum|1,DnFailCount|6,FStatus|1,P2SS|654,P2PS|0,PDMode|2&tfl=654&tp=t&tst=1&ttdl=654&ttm=1000&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS HTTP/1.1
        Accept: */*
        Accept-Encoding: gzip, deflate
        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
        Host: s.360safe.com
        Connection: Keep-Alive
        Response
        HTTP/1.1 200 OK
        Server: nginx/1.0.12
        Date: Mon, 01 Jan 2024 06:53:46 GMT
        Content-Type: text/html
        Content-Length: 0
        Last-Modified: Fri, 25 May 2018 09:31:45 GMT
        Connection: close
        Accept-Ranges: bytes
      • flag-us
        DNS
        sd.p.360safe.com
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        Remote address:
        8.8.8.8:53
        Request
        sd.p.360safe.com
        IN A
      • flag-de
        DNS
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        Remote address:
        54.230.182.89:80
        Response
        HTTP/1.1 200 OK
        Content-Type: application/octet-stream
        Content-Length: 15680
        Connection: close
        Server: nginx
        Last-Modified: Thu, 21 Dec 2023 10:04:40 GMT
        Accept-Ranges: bytes
        Date: Mon, 01 Jan 2024 03:56:05 GMT
        X-Cache: Hit from cloudfront
        Via: 1.1 7038a0e71a25504eb98df48695c04c7a.cloudfront.net (CloudFront)
        X-Amz-Cf-Pop: HAM50-C3
        X-Amz-Cf-Id: aBCbEe6E-byjSf04XYwFrY27DWIMq6oXb2co2cpc7HeBo19Qk9fGmw==
        Age: 17390
      • flag-us
        DNS
        Remote address:
        8.8.8.8:53
        Response
      • flag-de
        GET
        http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        Remote address:
        151.236.118.237:80
        Request
        GET /totalsecurity/360TS_Setup_11.0.0.1068.exe HTTP/1.1
        Accept: */*
        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
        Host: int.down.360safe.com
        Range: bytes=69812224-
        Connection: Close
        Cache-Control: no-cache
      • flag-de
        DNS
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        Remote address:
        151.236.118.237:80
        Response
        HTTP/1.1 206 Partial Content
        Server: nginx
        Date: Mon, 01 Jan 2024 06:54:05 GMT
        Content-Type: application/octet-stream
        Content-Length: 2147048
        Connection: close
        Last-Modified: Thu, 21 Dec 2023 10:06:31 GMT
        Expires: Mon, 01 Jan 2024 06:57:11 GMT
        Cache-Control: max-age=600
        X-CDN-Edge-Cache: HIT
        X-CDN-Edge-Id: 311
        X-CDN-Request-Id: 5843d77822afc825d8e015984e8f8fc4
        Access-Control-Allow-Origin: *
        Content-Range: bytes 99024896-101171943/101171944
      • flag-de
        GET
        http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        Remote address:
        151.236.118.237:80
        Request
        GET /totalsecurity/360TS_Setup_11.0.0.1068.exe HTTP/1.1
        Accept: */*
        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
        Host: int.down.360safe.com
        Range: bytes=49905664-
        Connection: Close
        Cache-Control: no-cache
      • flag-de
        GET
        http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        Remote address:
        151.236.118.237:80
        Response
        HTTP/1.1 206 Partial Content
        Server: nginx
        Date: Mon, 01 Jan 2024 06:54:09 GMT
        Content-Type: application/octet-stream
        Content-Length: 50922216
        Connection: close
        Last-Modified: Thu, 21 Dec 2023 10:06:31 GMT
        Expires: Mon, 01 Jan 2024 06:57:11 GMT
        Cache-Control: max-age=600
        X-CDN-Edge-Cache: HIT
        X-CDN-Edge-Id: 311
        X-CDN-Request-Id: 357077592350b39ad68cffc8f0b93c7c
        Access-Control-Allow-Origin: *
        Content-Range: bytes 50249728-101171943/101171944
        Request
        GET /totalsecurity/360TS_Setup_11.0.0.1068.exe HTTP/1.1
        Accept: */*
        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
        Host: int.down.360safe.com
        Range: bytes=50249728-
        Connection: Close
        Cache-Control: no-cache
      • flag-de
        GET
        http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        Remote address:
        151.236.118.237:80
        Request
        GET /totalsecurity/360TS_Setup_11.0.0.1068.exe HTTP/1.1
        Accept: */*
        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
        Host: int.down.360safe.com
        Range: bytes=70598656-
        Connection: Close
        Cache-Control: no-cache
        Response
        HTTP/1.1 206 Partial Content
        Server: nginx
        Date: Mon, 01 Jan 2024 06:54:09 GMT
        Content-Type: application/octet-stream
        Content-Length: 30573288
        Connection: close
        Last-Modified: Thu, 21 Dec 2023 10:06:31 GMT
        Expires: Mon, 01 Jan 2024 06:57:11 GMT
        Cache-Control: max-age=600
        X-CDN-Edge-Cache: HIT
        X-CDN-Edge-Id: 311
        X-CDN-Request-Id: 390aec69930bd42fb3b94a206d2951b9
        Access-Control-Allow-Origin: *
        Content-Range: bytes 70598656-101171943/101171944
      • flag-de
        GET
        http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        Remote address:
        151.236.118.237:80
        Request
        GET /totalsecurity/360TS_Setup_11.0.0.1068.exe HTTP/1.1
        Accept: */*
        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
        Host: int.down.360safe.com
        Range: bytes=70336512-
        Connection: Close
        Cache-Control: no-cache
        Response
        HTTP/1.1 206 Partial Content
        Server: nginx
        Date: Mon, 01 Jan 2024 06:54:10 GMT
        Content-Type: application/octet-stream
        Content-Length: 30835432
        Connection: close
        Last-Modified: Thu, 21 Dec 2023 10:06:31 GMT
        Expires: Mon, 01 Jan 2024 06:57:11 GMT
        Cache-Control: max-age=600
        X-CDN-Edge-Cache: HIT
        X-CDN-Edge-Id: 311
        X-CDN-Request-Id: 8c29d5b5b329295dacd20a547d280b23
        Access-Control-Allow-Origin: *
        Content-Range: bytes 70336512-101171943/101171944
      • flag-us
        DNS
        56.126.166.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        56.126.166.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        56.126.166.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        56.126.166.20.in-addr.arpa
        IN PTR
      • flag-de
        GET
        http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        Remote address:
        151.236.118.237:80
        Response
        HTTP/1.1 206 Partial Content
        Server: nginx
        Date: Mon, 01 Jan 2024 06:54:10 GMT
        Content-Type: application/octet-stream
        Content-Length: 30704360
        Connection: close
        Last-Modified: Thu, 21 Dec 2023 10:06:31 GMT
        Expires: Mon, 01 Jan 2024 06:57:11 GMT
        Cache-Control: max-age=600
        X-CDN-Edge-Cache: HIT
        X-CDN-Edge-Id: 311
        X-CDN-Request-Id: f4a0dba005383a701a07ef19a9bf902f
        Access-Control-Allow-Origin: *
        Content-Range: bytes 70467584-101171943/101171944
        Request
        GET /totalsecurity/360TS_Setup_11.0.0.1068.exe HTTP/1.1
        Accept: */*
        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
        Host: int.down.360safe.com
        Range: bytes=70467584-
        Connection: Close
        Cache-Control: no-cache
      • flag-de
        GET
        http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=a1cee36a1265f71e4252f0158a2fb1ec&mod=360Installer.exe&ph=62D5B6A7C4AA1EA5C647B2F5BC234825&p2p=1&t_id=360TS_Setup.exe&tads=2975645&tdl=101171944&tds=2511834&terr=0&tes=Status|1,ErrorCode|0,DnCount|17,HttpNum|15,DnFailCount|18,FStatus|1,P2SS|101171944,P2PS|0,PDMode|3&tfl=101171944&tp=t&tst=1&ttdl=101171944&ttm=34203&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        Remote address:
        52.29.179.141:80
        Request
        GET /safei18n/dimana.htm?lr=1&mid=a1cee36a1265f71e4252f0158a2fb1ec&mod=360Installer.exe&ph=62D5B6A7C4AA1EA5C647B2F5BC234825&p2p=1&t_id=360TS_Setup.exe&tads=2975645&tdl=101171944&tds=2511834&terr=0&tes=Status|1,ErrorCode|0,DnCount|17,HttpNum|15,DnFailCount|18,FStatus|1,P2SS|101171944,P2PS|0,PDMode|3&tfl=101171944&tp=t&tst=1&ttdl=101171944&ttm=34203&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS HTTP/1.1
        Accept: */*
        Accept-Encoding: gzip, deflate
        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
        Host: s.360safe.com
        Connection: Keep-Alive
        Response
        HTTP/1.1 200 OK
        Server: nginx/1.0.12
        Date: Mon, 01 Jan 2024 06:54:16 GMT
        Content-Type: text/html
        Content-Length: 0
        Last-Modified: Fri, 25 May 2018 09:31:45 GMT
        Connection: close
        Accept-Ranges: bytes
      • flag-us
        DNS
        18.134.221.88.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        18.134.221.88.in-addr.arpa
        IN PTR
        Response
        18.134.221.88.in-addr.arpa
        IN PTR
        a88-221-134-18.deploy.static.akamaitechnologies.com
      • flag-de
        GET
        http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1060&pid=101&os=10.0&mid=a1cee36a1265f71e4252f0158a2fb1ec&state=9
        Remote address:
        52.29.179.141:80
        Request
        GET /360ts/mini_inst.htm?ver=6.6.0.1060&pid=101&os=10.0&mid=a1cee36a1265f71e4252f0158a2fb1ec&state=9 HTTP/1.1
        Accept: */*
        Accept-Encoding: gzip, deflate
        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
        Host: s.360safe.com
        Connection: Keep-Alive
        Response
        HTTP/1.1 200 OK
        Server: nginx/1.0.12
        Date: Mon, 01 Jan 2024 06:54:15 GMT
        Content-Type: text/html
        Content-Length: 0
        Last-Modified: Fri, 25 May 2018 09:32:19 GMT
        Connection: close
        Accept-Ranges: bytes
      • flag-us
        DNS
        orion.ts.360.com
        Remote address:
        8.8.8.8:53
        Request
        orion.ts.360.com
        IN A
        Response
        orion.ts.360.com
        IN CNAME
        orion.ts.360.com.awsr53.qihucdn.com
        orion.ts.360.com.awsr53.qihucdn.com
        IN A
        82.145.215.156
      • flag-us
        DNS
        156.215.145.82.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        156.215.145.82.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        156.215.145.82.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        156.215.145.82.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        23.149.64.172.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        23.149.64.172.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        23.149.64.172.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        23.149.64.172.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        57.169.31.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        57.169.31.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        57.169.31.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        57.169.31.20.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        57.169.31.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        57.169.31.20.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        13.227.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        13.227.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
        Response
        tse1.mm.bing.net
        IN CNAME
        mm-mm.bing.net.trafficmanager.net
        mm-mm.bing.net.trafficmanager.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • flag-us
        DNS
        200.197.79.204.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        200.197.79.204.in-addr.arpa
        IN PTR
        Response
        200.197.79.204.in-addr.arpa
        IN PTR
        a-0001.a-msedge.net
        http
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        4.9kB
        103.4kB
        75
        74

        HTTP Request

        GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe
      • 151.236.118.237:80
        http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe
        http
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        427 B
        104 B
        4
        2

        HTTP Request

        GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe
      • 20.166.126.56:443
        tls, https
        406 B
        118 B
        4
        2
      • 151.236.118.237:80
        http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe
        http
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        5.5kB
        179.4kB
        98
        131

        HTTP Response

        206

        HTTP Request

        GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe
      • 151.236.118.237:80
        http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe
        http
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        8.9kB
        275.7kB
        168
        198

        HTTP Request

        GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe

        HTTP Response

        206
      • 151.236.118.237:80
        http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe
        http
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        10.3kB
        269.7kB
        188
        196

        HTTP Request

        GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe

        HTTP Response

        206
      • 151.236.118.237:80
        http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe
        http
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        6.0kB
        201.8kB
        104
        147

        HTTP Response

        206

        HTTP Request

        GET http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1068.exe
      • 151.236.118.237:80
        int.down.360safe.com
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        196 B
        52 B
        4
        1
      • 151.236.118.237:80
        int.down.360safe.com
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        242 B
        156 B
        5
        3
      • 151.236.118.237:80
        int.down.360safe.com
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        46 B
        52 B
        1
        1
      • 151.236.118.237:80
        int.down.360safe.com
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        144 B
        52 B
        3
        1
      • 52.29.179.141:80
        http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=a1cee36a1265f71e4252f0158a2fb1ec&mod=360Installer.exe&ph=62D5B6A7C4AA1EA5C647B2F5BC234825&p2p=1&t_id=360TS_Setup.exe&tads=2975645&tdl=101171944&tds=2511834&terr=0&tes=Status|1,ErrorCode|0,DnCount|17,HttpNum|15,DnFailCount|18,FStatus|1,P2SS|101171944,P2PS|0,PDMode|3&tfl=101171944&tp=t&tst=1&ttdl=101171944&ttm=34203&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS
        http
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        1.1kB
        421 B
        10
        5

        HTTP Request

        GET http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=a1cee36a1265f71e4252f0158a2fb1ec&mod=360Installer.exe&ph=62D5B6A7C4AA1EA5C647B2F5BC234825&p2p=1&t_id=360TS_Setup.exe&tads=2975645&tdl=101171944&tds=2511834&terr=0&tes=Status|1,ErrorCode|0,DnCount|17,HttpNum|15,DnFailCount|18,FStatus|1,P2SS|101171944,P2PS|0,PDMode|3&tfl=101171944&tp=t&tst=1&ttdl=101171944&ttm=34203&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS

        HTTP Response

        200
      • 52.29.179.141:80
        http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1060&pid=101&os=10.0&mid=a1cee36a1265f71e4252f0158a2fb1ec&state=9
        http
        695 B
        421 B
        7
        5

        HTTP Request

        GET http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1060&pid=101&os=10.0&mid=a1cee36a1265f71e4252f0158a2fb1ec&state=9

        HTTP Response

        200
      • 82.145.215.156:443
        orion.ts.360.com
        tls
        1.8kB
        6.5kB
        17
        12
      • 82.145.215.156:443
        orion.ts.360.com
        tls
        1.4kB
        6.5kB
        14
        11
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls
        1.2kB
        8.3kB
        15
        14
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls
        1.2kB
        8.3kB
        15
        14
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls
        1.2kB
        8.2kB
        15
        13
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls
        60.0kB
        1.7MB
        1227
        1216
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls
        1.2kB
        8.3kB
        15
        14
      • 8.8.8.8:53
        st.p.360safe.com
        dns
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        62 B
        78 B
        1
        1

        DNS Request

        st.p.360safe.com

        DNS Response

        54.77.42.29

      • 8.8.8.8:53
        s.360safe.com
        dns
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        118 B
        125 B
        2
        1

        DNS Request

        s.360safe.com

        DNS Request

        s.360safe.com

        DNS Response

        52.29.179.141
        18.184.178.29

      • 224.0.0.251:5353
        56 B
        1
      • 8.8.8.8:53
        iup.360safe.com
        dns
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        61 B
        115 B
        1
        1

        DNS Request

        iup.360safe.com

        DNS Response

        151.236.118.237

      • 8.8.8.8:53
        tr.p.360safe.com
        dns
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        62 B
        78 B
        1
        1

        DNS Request

        tr.p.360safe.com

        DNS Response

        54.76.174.118

      • 54.77.42.29:3478
        st.p.360safe.com
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        392 B
        7
      • 54.77.42.29:3478
        st.p.360safe.com
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        784 B
        14
      • 54.76.174.118:80
        tr.p.360safe.com
        http
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        240 B
        3
      • 8.8.8.8:53
        29.42.77.54.in-addr.arpa
        dns
        70 B
        131 B
        1
        1

        DNS Request

        29.42.77.54.in-addr.arpa

      • 8.8.8.8:53
        118.174.76.54.in-addr.arpa
        dns
        72 B
        135 B
        1
        1

        DNS Request

        118.174.76.54.in-addr.arpa

      • 8.8.8.8:53
        237.118.236.151.in-addr.arpa
        dns
        74 B
        134 B
        1
        1

        DNS Request

        237.118.236.151.in-addr.arpa

      • 8.8.8.8:53
        71.159.190.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        71.159.190.20.in-addr.arpa

      • 8.8.8.8:53
        2.136.104.51.in-addr.arpa
        dns
        71 B
        157 B
        1
        1

        DNS Request

        2.136.104.51.in-addr.arpa

      • 8.8.8.8:53
        95.221.229.192.in-addr.arpa
        dns
        73 B
        144 B
        1
        1

        DNS Request

        95.221.229.192.in-addr.arpa

      • 8.8.8.8:53
        int.down.360safe.com
        dns
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        66 B
        120 B
        1
        1

        DNS Request

        int.down.360safe.com

        DNS Response

        151.236.118.237

      • 8.8.8.8:53
        sd.p.360safe.com
        dns
        360TS_Setup_Mini.h1.YWZmaS5hZGl0bWVkaWEuUEI.Z3FSamMybGtzRGt6TUY4NU1EWXdZVFF4Wmw4MU1ET2pZMmxrdURZMU9U.exe
        62 B
        1

        DNS Request

        sd.p.360safe.com

      • 8.8.8.8:53
        dns
        157 B
        1
      • 8.8.8.8:53
        56.126.166.20.in-addr.arpa
        dns
        144 B
        158 B
        2
        1

        DNS Request

        56.126.166.20.in-addr.arpa

        DNS Request

        56.126.166.20.in-addr.arpa

      • 8.8.8.8:53
        18.134.221.88.in-addr.arpa
        dns
        72 B
        137 B
        1
        1

        DNS Request

        18.134.221.88.in-addr.arpa

      • 8.8.8.8:53
        orion.ts.360.com
        dns
        62 B
        124 B
        1
        1

        DNS Request

        orion.ts.360.com

        DNS Response

        82.145.215.156

      • 8.8.8.8:53
        156.215.145.82.in-addr.arpa
        dns
        146 B
        134 B
        2
        1

        DNS Request

        156.215.145.82.in-addr.arpa

        DNS Request

        156.215.145.82.in-addr.arpa

      • 8.8.8.8:53
        23.149.64.172.in-addr.arpa
        dns
        144 B
        134 B
        2
        1

        DNS Request

        23.149.64.172.in-addr.arpa

        DNS Request

        23.149.64.172.in-addr.arpa

      • 8.8.8.8:53
        57.169.31.20.in-addr.arpa
        dns
        213 B
        157 B
        3
        1

        DNS Request

        57.169.31.20.in-addr.arpa

        DNS Request

        57.169.31.20.in-addr.arpa

        DNS Request

        57.169.31.20.in-addr.arpa

      • 8.8.8.8:53
        13.227.111.52.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        13.227.111.52.in-addr.arpa

      • 8.8.8.8:53
        tse1.mm.bing.net
        dns
        62 B
        173 B
        1
        1

        DNS Request

        tse1.mm.bing.net

        DNS Response

        204.79.197.200
        13.107.21.200

      • 8.8.8.8:53
        200.197.79.204.in-addr.arpa
        dns
        73 B
        106 B
        1
        1

        DNS Request

        200.197.79.204.in-addr.arpa

      MITRE ATT&CK Enterprise v15

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\!@t4E7E.tmp

        Filesize

        654B

        MD5

        e6ed35317329cdaf208d23953b94a532

        SHA1

        c28a14e41c58de811fa191bb015971922cd42c1a

        SHA256

        9a9f95a8376b94ea79e2461040bef5c53c478e97cd263e0fba6f82077b3d2705

        SHA512

        6e3f1cb58592e1bb5be23860d983ed3d7a340f86434321eadd1601a23138b47d3452b0716d5b6b683c1c593e05432a956c6a59682a55edb1daa17fecb55e7bd2

      • C:\Users\Admin\AppData\Local\Temp\!@t4E7E.tmp.dir\setup.ini

        Filesize

        830B

        MD5

        5a4cdd6d16dac7d3a056f5b2753ebacd

        SHA1

        ad41d1801ab37192750d64f21f6fd24cb7ab57d9

        SHA256

        623d9b8fea2a854e05a07ea5421cea2f522d460bb628145d196059a7738dd23c

        SHA512

        1a10842a0794a1e6cc0aab4557ce7ed5eea9ab69c88c8053fd9be1e403ed4b0ba0b50989d3c95a9eeee382838e585f8380a4eb6fd9f407ca1bd04eb282501441

      • C:\Users\Admin\AppData\Local\Temp\{C6AF2D1C-E9A1-4c70-B04D-45742B33E1EC}.tmp\360P2SP.dll

        Filesize

        102KB

        MD5

        eb8acd4aba56547c893fb9e3a9496a90

        SHA1

        449e338203823a8333f83d7c122408687ec7dea5

        SHA256

        b09ee13d512f7de6500c9d7ebad7f8232c1f443008c3af34660dd7c440518224

        SHA512

        7cc84cc69e80079d0cedd6b87376af6efe524923b3872c532958de1da7ada49cc972ee75b28a2b4472dd71076f3cff95cdf3c9e8536f3a5a6ec38ca1072c8ca7

      • memory/1996-13-0x0000000003C10000-0x0000000003C11000-memory.dmp

        Filesize

        4KB

      • memory/1996-37-0x0000000003C10000-0x0000000003C11000-memory.dmp

        Filesize

        4KB
