Analysis Overview
SHA256
7ac10aa947210d5f3e801973b6b4552cc5578085bb443774527dfc1093fb2188
Threat Level: Shows suspicious behavior
The file 7ac10aa947210d5f3e801973b6b4552cc5578085bb443774527dfc1093fb2188 was found to show suspicious behavior.
Malicious Activity Summary
Checks BIOS information in registry
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Writes to the Master Boot Record (MBR)
Enumerates connected drives
Drops file in Windows directory
System Location Discovery: System Language Discovery
Unsigned PE
Enumerates physical storage devices
Enumerates system info in registry
Modifies system certificate store
Checks SCSI registry key(s)
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: LoadsDriver
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-11 14:19
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-11 14:19
Reported
2024-11-11 14:22
Platform
win7-20240903-en
Max time kernel
142s
Max time network
123s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~972560925467056277~\sg.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\360DrvMgr.exe | N/A |
Loads dropped DLL
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\360DrvMgr.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PHYSICALDRIVE0 | C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\360DrvMgr.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\360DrvMgr.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7ac10aa947210d5f3e801973b6b4552cc5578085bb443774527dfc1093fb2188.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\360DrvMgr.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\360DrvMgr.exe = "8000" | C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\360DrvMgr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE | C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\360DrvMgr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE\360DrvMgr.exe = "8000" | C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\360DrvMgr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\360DrvMgr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\360DrvMgr.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = (certificate blob not reproduced) | C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\360DrvMgr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 | C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\360DrvMgr.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = (certificate blob not reproduced) | C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\360DrvMgr.exe | N/A |
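The rows above record a write under HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot, which is the cache CryptoAPI fills from the Microsoft certificate trust list when chain building meets a root it does not yet have locally; the crl.microsoft.com connection in the network table below is consistent with such a fetch. The thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 is, by the editor's identification, the SHA-1 fingerprint of the public DigiCert Assured ID Root CA, so this signature is expected installer noise rather than an injected trust anchor. The triage helper below is an added example (Python, not part of the sandbox report or of the analysed software): it parses signature rows of this shape, separates the AuthRoot cache from the Root store, and flags any thumbprint missing from an allowlist. The allowlist, the per-user counter-example row and the elided blob value are constructed for the demonstration.

```python
import re

# Signature rows constructed from the behavioral1 table above (the Blob value is not
# reproduced on the page, so it is elided here) plus one made-up per-user Root write.
SAMPLE_ROWS = [
    ("Set value (data)",
     r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = <elided>",
     r"C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\360DrvMgr.exe"),
    ("Key created",
     r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43",
     r"C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\360DrvMgr.exe"),
    # Constructed counter-example: an unknown root dropped into a user's Root store.
    ("Set value (data)",
     r"\REGISTRY\USER\S-1-5-21-1-2-3-1000\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates\0000000000000000000000000000000000000000\Blob = <elided>",
     r"C:\Users\Admin\AppData\Local\Temp\evil.exe"),
]

# SHA-1 thumbprints of public roots that Windows itself caches in AuthRoot via the
# automatic root update mechanism. Assumption: the single entry is the editor's
# identification of the thumbprint seen in the report; extend from a trusted baseline.
KNOWN_PUBLIC_ROOTS = {
    "0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43": "DigiCert Assured ID Root CA",
}

CERT_KEY_RE = re.compile(
    r"\\SystemCertificates\\(?P<store>[A-Za-z]+)\\Certificates\\(?P<thumb>[0-9A-Fa-f]{40})"
)


def parse_cert_event(indicator):
    """Return (hive, store, thumbprint) for a SystemCertificates registry path, else None."""
    m = CERT_KEY_RE.search(indicator)
    if not m:
        return None
    hive = "HKLM" if indicator.upper().startswith(r"\REGISTRY\MACHINE") else "HKU"
    return hive, m.group("store"), m.group("thumb").upper()


def triage_cert_event(description, indicator, process):
    """Classify one signature row; the verdict string starts with expected/review/investigate."""
    parsed = parse_cert_event(indicator)
    if parsed is None:
        return "not-a-certificate-store-event"
    hive, store, thumb = parsed
    known = KNOWN_PUBLIC_ROOTS.get(thumb)
    store_u = store.upper()
    if store_u == "AUTHROOT" and hive == "HKLM" and known:
        # AuthRoot is the auto-update cache; a known public root landing there is normal.
        return f"expected: auto root update cached {known} in HKLM\\AuthRoot"
    if store_u in ("ROOT", "AUTHROOT") and not known:
        # Unknown trust anchor in a root store: this is the case that matters.
        return f"investigate: unknown root {thumb} written to {hive}\\{store} by {process}"
    if store_u == "ROOT" and known:
        # Known root, but placed directly in Root rather than the cache: usually policy, not installers.
        return f"review: {known} written to {hive}\\Root (not the AuthRoot cache)"
    return f"review: {hive}\\{store} {thumb}"


def triage_all(rows):
    return [triage_cert_event(*row) for row in rows]


if __name__ == "__main__":
    for verdict in triage_all(SAMPLE_ROWS):
        print(verdict)
```

A ROOT-store write by an installer, or any thumbprint the allowlist does not know, is the case worth pulling the blob for and decoding; an AuthRoot entry for a public CA usually just means the installer's own signature chain was validated on a freshly built VM.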
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\360DrvMgr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\360DrvMgr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\360DrvMgr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\360DrvMgr.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\360DrvMgr.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\360DrvMgr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\360DrvMgr.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\7ac10aa947210d5f3e801973b6b4552cc5578085bb443774527dfc1093fb2188.exe
"C:\Users\Admin\AppData\Local\Temp\7ac10aa947210d5f3e801973b6b4552cc5578085bb443774527dfc1093fb2188.exe"
C:\Windows\system32\cmd.exe
cmd.exe /c set
C:\Users\Admin\AppData\Local\Temp\~972560925467056277~\sg.tmp
7zG_exe x "C:\Users\Admin\AppData\Local\Temp\7ac10aa947210d5f3e801973b6b4552cc5578085bb443774527dfc1093fb2188.exe" -y -aoa -o"C:\Users\Admin\AppData\Local\Temp\~4272876833651210167"
C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\360DrvMgr.exe
"C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\360DrvMgr.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | conf.wsm.360.cn | udp |
| US | 104.192.110.254:80 | conf.wsm.360.cn | tcp |
| US | 8.8.8.8:53 | res.qhsetup.com | udp |
| CN | 1.192.137.108:80 | res.qhsetup.com | tcp |
| CN | 1.192.137.108:80 | res.qhsetup.com | tcp |
| CN | 1.192.137.108:80 | res.qhsetup.com | tcp |
| US | 8.8.8.8:53 | dm.weishi.360.cn | udp |
| CN | 106.63.103.7:443 | dm.weishi.360.cn | tcp |
| CN | 106.39.219.55:80 | res.qhsetup.com | tcp |
| CN | 106.39.219.55:80 | res.qhsetup.com | tcp |
| CN | 106.39.219.55:80 | res.qhsetup.com | tcp |
| CN | 180.163.237.138:80 | res.qhsetup.com | tcp |
| CN | 180.163.237.138:80 | res.qhsetup.com | tcp |
| CN | 180.163.237.138:80 | res.qhsetup.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.19.117.18:80 | crl.microsoft.com | tcp |
Files
\Users\Admin\AppData\Local\Temp\~972560925467056277~\sg.tmp
| MD5 | 7c4718943bd3f66ebdb47ccca72c7b1e |
| SHA1 | f9edfaa7adb8fa528b2e61b2b251f18da10a6969 |
| SHA256 | 4cc32d00338fc7b206a7c052297acf9ac304ae7de9d61a2475a116959c1524fc |
| SHA512 | e18c40d646fa4948f90f7471da55489df431f255041ebb6dcef86346f91078c9b27894e27216a4b2fe2a1c5e501c7953c77893cf696930123d28a322d49e1516 |
\Users\Admin\AppData\Local\Temp\~4272876833651210167\360DrvMgr.exe
| MD5 | b05427e95473bf8af9d9672123311c39 |
| SHA1 | a97b786b99de1b8b9b37589836b2215951eb4d16 |
| SHA256 | a8456ac02baca984ae32e84d1e7ca767b0705a1d5156539fb618c7c1e7059837 |
| SHA512 | 876417bd046bbd378c395b13a94266f108117a396a767652b6c306d76dbedd6a81aa7e9183375a55b004beeab4736a139104967d4c9b8e764744c9a612fa84da |
memory/2532-104-0x0000000077C50000-0x0000000077C60000-memory.dmp
memory/2532-103-0x0000000077C50000-0x0000000077C60000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\SignHelper.dll
| MD5 | a60df7bdf1ab9583e8bf7b38f2eca0a3 |
| SHA1 | 528064b42f0470e785e896df67b41c6335f176a6 |
| SHA256 | 4c20f1868b4ee71cca4d399b947f7942460a4074f2942ba90f382c2476b96978 |
| SHA512 | 7fd219bf83e63dae70dfc79ad1978cefa4a9aec27b69f6e7f0b6e26678c988f8e4dda88f8d000cc20a1b0fdcdd69c24c56eab9a70c242630e902fe1b2d47eea2 |
C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\pdown.dll
| MD5 | 48a849ff04150b2ec0836ab6bb32590a |
| SHA1 | 1f52bbcd5d124de15c27cf5ea84e14cb9a87f6a3 |
| SHA256 | ded09df700ef458322b6160edd39adb103c03cef3c6ffbce2ee096ce1fd33d62 |
| SHA512 | b0b23e540102b16c4ed9ac05f1ac353bf0d19e0c2b0880cec1fa2e9292030e1c5a75694176ac428c7de55588cf503ab36643d2db8c1fec3543daf3aeeb53a680 |
C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\NetBridge.dll
| MD5 | 9d145902fb5b9a6da62ac85761434e31 |
| SHA1 | c817d77f59e3767d75cf5f5298d6b5711308f7e5 |
| SHA256 | 98d795d55329b1057f4fd590468e648a8c34b620207fd9a0a6953f3e98d1ea43 |
| SHA512 | bbb3109bcd5ded909bfdaeb7f4f006fc5928a9bc501bad5ae8ba9805bc0d924a2c4da8bbd215480db936d663852abd9b0435fa241a40224a4cd93c4b7aff79a9 |
C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\MiniUI.dll
| MD5 | 043365f793b1672fc80aaebde3b22929 |
| SHA1 | be526a544e7af66b573b29ee7100374e9deb9a1f |
| SHA256 | 2bf36c7813e8410e2ef442158e4089f5c5fa512684848f421cd4b08f1eca1d23 |
| SHA512 | efb94e1447842254992f67ad2bcc8ebd1862894019e612d680a3b69a4ec9aaef787bddd155775842baf225b9dea05feaef37db26808fc8516851f995a0b62530 |
C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\LiveUpd360.dll
| MD5 | e2ab61cd7dd7c8443719460140737b09 |
| SHA1 | d07424aaf894aa68bab5c7cc829e54f69f466338 |
| SHA256 | 0439f9f3a68e14ee28c718ac334f9318f97858ab5430e4fa2e82eb355ed446d6 |
| SHA512 | c608aa5fd10849f5efcc74ffb02bfc59c1cd943154b30f2e2174e30543708f3b92d020d39ae36b9dd2e90c2171863b5a610ab18248d430c974853fe0a810df60 |
C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\dynlenv.dll
| MD5 | 61bda655c88ce843905ce63a2d5669e4 |
| SHA1 | 532304d12d6e1a740e01cf03b3439301d2c6c85d |
| SHA256 | fa7daa6a0e13f9112de63313caf4d06081aee0c7e79b5937cff0519bb4c0bbd4 |
| SHA512 | ad9c4f862747ff55ac506ea8b9d4a84a7d0c15d9cb8e9c987722141b9c33957d6aed44b59f0d85a068431ec2b85061b6c27d38011b8dca1675905aaaf6e37bf2 |
C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\DrvMgrUI.dll
| MD5 | 47e593bd9f923a22d98f02ceda6aa420 |
| SHA1 | 24861e317c5dbb60d780ce592b58379df6817baa |
| SHA256 | 4b885265c0f72a6df3ab6ba8ac5cb0cbaf7e8c1fb50c431e51e6a559eb4a27cc |
| SHA512 | ee84d60d019434e3d8f8f47ede08cd79e667b74070cc631783138eaa06f8cfd0088f0b0e6d657dfde458cbe3f63aaccc1e6b31cc0c9e6c37a38e06c66f3d9eb6 |
C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\DrvmgrCore.dll
| MD5 | 4fc36faaa9b7c855c9f06ed6dadfdd6e |
| SHA1 | 3722a0512d53312fa77e9477906ef677616a37db |
| SHA256 | 1e6fcd8985cb5ec59d42dae04ec3cede86c1d423e139c0ce2f66722768e4ec02 |
| SHA512 | c976a88ab168564bbf993aa6eb20ddb1bbe13b6fd9044021b889aa24b5b83d65f4ddd08c8b8714f08fdde164657fc4a8e9c52306186dd7f1897d7f3576547ccc |
C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\DownloadMgr.dll
| MD5 | 29cf1d28db1a5c5d68b5e0cce6c81db0 |
| SHA1 | 84af3d92647f8068bf6b20c2fb1937a2c1d05bb0 |
| SHA256 | b4e3b9f375c360eec4fe7d811e0476a9a8a03fc632d890342e4c5db957ef481e |
| SHA512 | 1c5bc96d1f6ebd4d5abbc2d06fea90cf5509fb258f3e691507a3c7f1d351b230bdb2848a4d50f40bc258daa9823f920730860d6f203356d7b7584c03ccdca6ec |
C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\DIFxAPI_x86.dll
| MD5 | 1bd976dd77b31fe0f25708ad5c1351ae |
| SHA1 | 50d075688835df04484f0b93792a530cb47a1872 |
| SHA256 | b3c28941ceb057de44d9c322a38bb0f63c62d7ffbd91cf7970964413978f8eb7 |
| SHA512 | d58c2be88941c15214c51c59923437863a94db7b8080ead69017f7cce19d256dbe4d1d8498762476c75c26773dfba1aaff3bed615589ebf4b39df78df1b50b35 |
C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\DataMgr.dll
| MD5 | cfd6ef9ed6c8585bb8b2b4a8e5b87af9 |
| SHA1 | 2c476cf6651a5f9b3846aaae3a4eb6dd6b33b7f9 |
| SHA256 | da1778e29b935609b2a686fab65e7903d2206c7468bdb1f9e2408ded03b3a6d0 |
| SHA512 | f7d4a8ecc31a8b25b396619f71047f00ae682c8950731467f6ccd98352c8c9f64fe33423464aed12a789143cc4f0d532e5a27fce476b3bcd7e79e00081d51688 |
C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\ComputerZ_HardwareDll.dll
| MD5 | 5643fac7fb90bdb3d45178861116c9ec |
| SHA1 | 7d930a0823e7fcc91f5ff38615f4ad304a770968 |
| SHA256 | c5940597b6ff5bd4aa083c7b4fe41b538e187a176953fecd790d295dc17dcf95 |
| SHA512 | 6132fd6c50aeb38f22f3ac9e502676bd121801a603b18f9afb3a19fc07aeddaace3cede11fc90cb7569481f7b5331cd24d5840ee275239efe5313af040d66fde |
C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\ComputerZ5.dll
| MD5 | d8308aa7cc08c3a56c9187029db56702 |
| SHA1 | f8a1b97e321660d814d4d01f03911f6da0caed9d |
| SHA256 | 850bb1419ab0c93d524284a6c9c15db69a1e5328e9f84f06bb27ba5efb8a65b8 |
| SHA512 | 0a6c757b3e5cfaf2de92e4f402dc97306a551244501d97a099ac2a586c7501f087fe7c82c8a81e95b4fea851a0690733c116345360b5dbeb343966fdbda08baa |
C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\ComputerZ2.dll
| MD5 | a75f38215a115f9260b58cdd935d7d81 |
| SHA1 | dbb7d9d7e69cd5f2f4cda49bebc0fd922316a866 |
| SHA256 | 102459b35d0b36f915b2cafc2e083d95f4e042815c732a2520dfb646efae4cd1 |
| SHA512 | 3eeacb82ed9e61d9dc8fec13c2f87fd07b90a5052dd1a3482ee4cdb5122db77587078e7966bf72d73b776973bac09f53f37081f4af0828f1a914c0cd31d03ce9 |
C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\ComputerZ1.dll
| MD5 | 6dbf812d5b61f30a21ddccaec30b4452 |
| SHA1 | 4778e2d043ac593193e5e15056bb98bba564c246 |
| SHA256 | 197c529acff08fbc13b11010d95c270e50ddd867f783cfec598c5f831f847033 |
| SHA512 | 7b9506902c1d0a6b8b74e068be87a7d4fec8a96b3d1b05d06d533d4ef995abc7e2ce24a8d37e38b19b62ad5b316e10831c220df44360a15a6b89e18767bea699 |
C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\atiags32.dll
| MD5 | a1f7d080d2a00a9ddca9a469c29663c0 |
| SHA1 | 9fa6b676b9509eead040415ca13a097118ae2175 |
| SHA256 | 81b7e8a1c0073f6b7c4188216a94e5ab6420844e1acb122d93fab4c6bc14eebe |
| SHA512 | eef12054ace42f07b05b371aa51164bbbfd65120b111e375eaec30537c232ae85022dd1bf424ed94a8d97eb216919cc5857e332029778b93faa8064555e4e07e |
C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\7za.dll
| MD5 | 34f4329522a2b16d1bc9ad4ab58d9fc1 |
| SHA1 | 04ec3c21a59a15a85b29bead3733f0ceccce8680 |
| SHA256 | fc07200668d45a640bbd5f6997851e31a20941fcb661f8e09469899becebdf8a |
| SHA512 | ab8efc3dee9319401634dc3d8e6fe8282dc14a6058cf923af2d69656e58ed3724cfd5d466801fcf0bf53510f5b3197986972240693e4b1bbdcc9ae562ae0eb6c |
C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\360P2SP.dll
| MD5 | 75ae5114927b0200ea73e016211ae572 |
| SHA1 | 15ae658c082afcab51ade61b8ed6699a978b5e05 |
| SHA256 | 8e38aeb187edd59329007fe10d2b509e5566256e993a127902d57bac66b17346 |
| SHA512 | ae65e304fc669b98c5d137c4e7cba591e075b9d1b588af1d7eea2458776c29b2a2ccd06ea37aeb89d0cd0ebcb155aec7a6a0a842da4ac36f9b512049967e59fc |
C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\360NetUL.dll
| MD5 | 240e9b9b2b3f2a134070b7d5084278d3 |
| SHA1 | a39ce3213f364ec8435833afa36619e6d6fd24b0 |
| SHA256 | 003e2f8225ae4bfe3487dea759c6e44176fb96ff89fb162904c7c923e9c78720 |
| SHA512 | 2cdd9cd946b4a6df110f22197290090c1b4b734c9b9120e6403866342b17c50cd8a71d566ff0f284a03b5202af9f06248de71da1314486dbed58a64225cf5745 |
C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\360NetBase.dll
| MD5 | 14c6b4bbd31f6fd13530bc941cc71d1a |
| SHA1 | ce4e38ac82a54f64d318507ddc28f9ffbb378f0f |
| SHA256 | 401d8529a84f1d80a439be8cd4e869202162458e5afb5e5bac97c4859bfe8eb5 |
| SHA512 | c16d525f1d3fc098b4d6c8b8a872a9013ef2f945f27af73ed7826f61a2b80d756ae5348105432909eccc71f03834cd1301f87fa5a0107e0c7137f5c8e3a3cc95 |
C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\360net.dll
| MD5 | 2bca9e782840c8214dbc3ef6ee64404c |
| SHA1 | 9144db795c7b092ac55a5b59c0eb569e3432cfec |
| SHA256 | 1320ce2bf517978d3c65cf9cb8390318f3ea1896ef10a66b53a1832792341c62 |
| SHA512 | 87188cdd4d581c9b20bb36451f0376837bfe5489b685dc28a902af441f0681ff89922138d1a160f4d926189b2ae491a7fb7158c60596116f9f09e6c9516d5c6b |
C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\360Base.dll
| MD5 | a73cf0457df35fab74ef3393d2766667 |
| SHA1 | c123e15967e7ab980eba5431a6993e646500befd |
| SHA256 | df411ebc1b4a652a3822de0cebd5a48151abb3dd99c8c3d15f858401b27243fd |
| SHA512 | faee2c8c3caf31ee2cceefadff4c442ef3aaed36fabf61a4217e1ba13b315808f09b575b5789ef7cc342cb16219afb4a1c4e7f7686ea8d079c9d7dd9ee782b90 |
C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\ScriptExecute.exe
| MD5 | 8b88753a733fd8fc0f12d2ea266b9afd |
| SHA1 | 2f9181e8ec946a1d0276e0c8b9a9b21bff3ad210 |
| SHA256 | 914dd14b89dc73afffaf8abb1d382cc16223e9049aa4437821e8759fc67ad417 |
| SHA512 | c545ca9b8ea7d6cd858737c904d8f9d003f44525e209bdabcad912def33279c848205fcbc727d81a266e61fffcb651915975e64686b9caedf2deb8b1e803129d |
C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\config\defaultskin\defaultskin.ui
| MD5 | 0cc06e728803d0cdeedda92e04313e6c |
| SHA1 | 62e897041bdbf18ca65f6c452abcb557e17c0ded |
| SHA256 | 3fb6414e92be15821c674a6e72295e75747e9734c827ac14e85479d4720f2b33 |
| SHA512 | 72afb68bf2078e459cf2e37481c61ff172dd224f5b089bf9903b0c55660aecfdcb98622c0b04fe88edae0e2e25c0eb640cffafc7343bbe5d67ef137397678936 |
C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\config\config.xml
| MD5 | 583e167ba709fec11044409c6b09d04f |
| SHA1 | 27b363d8b5dee2df351a5d41e6f14b6156db190f |
| SHA256 | ea5f4faf853767718beef85023fcd9e13cca2127ebb3c17331903779db2916a0 |
| SHA512 | bebb16e99340d9264b7ae4cfd1562243a8cef688d3585968046c68020f19de587668485017f74368c20b686f5543bb319cc02665a3cdbb890eb47ffa4ce2a20e |
memory/2532-109-0x0000000002A00000-0x0000000002B9E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\config\defaultskin\miniui.xml
| MD5 | 1c7fad425e4dc4787174876b6725c5de |
| SHA1 | 6bf7f9afb666636bea1cef7eca6ebc32f4b344a2 |
| SHA256 | ee451d9f3d84226bcd456f193e1e79ebfbd1f24b961b25770c40df93ee7ca494 |
| SHA512 | ab02ca7851e6a859244edea31b3cf931a14937ec9ad2274c49a1aedb5a258360f653d7d5e76b9c6166633c4c284db9be277ae584d89641a99da3c77564f8b57d |
memory/2532-118-0x00000000032C0000-0x00000000032C1000-memory.dmp
C:\Users\Admin\AppData\Roaming\360DrvMgr\Config.ini
| MD5 | 6d63813c12ca56d6240cff46d9a46330 |
| SHA1 | 8d7f01db6d3bc11e730b0fd3b40635bf526c450b |
| SHA256 | 50291f46574a12702ea22f58928817ef88230c246149a13e2cc80447aa2e54c5 |
| SHA512 | 42623fd6583b80b75a2cb819c6a8c16b2c074ff09c8aa29d22e9678b1d53afe74700ef29624a0cd6f10ec5850a077ee6591a8d99ac9127bcbb03ac3e66249045 |
C:\Users\Admin\AppData\Local\Temp\CabED4E.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarF636.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
memory/2532-157-0x00000000032C0000-0x00000000032C1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\~4272876833651210167\360LibDrvmgr.dat
| MD5 | fa664c90f221342497fd9fcc2323b806 |
| SHA1 | d994329dc6e1ed71fb678717347ccab512680e13 |
| SHA256 | ef96ddf1fd0433df9bbff78c23505f884d86e580fcf86460ab2b5cd093cced6a |
| SHA512 | c4d6195f24c28c8b77c2918877f9eac829f01cf50513bd165924a5c955e5bd7d58cb675411ef00d6a1bcb274d37aafb171b5077f090b5ccbca35f7e1743616e6 |
C:\Users\Admin\AppData\Roaming\360DrvMgr\Config.ini
| MD5 | d4d0336de20b181d871aa3aeff3d5b4e |
| SHA1 | 480030eaadf41f80738345e545f7d9925269ce66 |
| SHA256 | 1fdc204b004c91a395b9c221666b4e5b7b8dd428ca04278823c51005f400b3fa |
| SHA512 | 1c9812e98d995b42e3aeaf8e5475ac80f9a9f048be4bb01bbf089f73e97a7124f09e91cf131bf6c96692bb2275028fce3542318214097c535365aad51881c86d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-11 14:19
Reported
2024-11-11 14:22
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
135s
Command Line
Signatures
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\360DrvMgr.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~6502748858780307207~\sg.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\360DrvMgr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
Loads dropped DLL
Enumerates connected drives
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PHYSICALDRIVE0 | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\360DrvMgr.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\360DrvMgr.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
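Both detonations raise "Writes to the Master Boot Record" on the strength of one event type, `File opened for modification` on `\??\PhysicalDrive0` (the NT path behind `\\.\PhysicalDrive0`, shown above for behavioral2 and earlier for behavioral1). That is a raw-disk handle opened with write access, not an observed sector write: hardware-inventory code opens the physical drive this way because the SMART and ATA pass-through IOCTLs used to read drive identity require a read/write handle, and ComputerZService.exe is the same process that walks the SCSI enumeration keys below. The check that settles it is to image sector 0 of the guest disk before and after detonation and compare. The parser and differ below are an added example (Python, not from the report or from the analysed product); the two 512-byte images it compares are constructed inside the block, with the "infected" one overwriting the boot code the way a bootkit would.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector):
    """Parse a 512-byte MBR: boot-code hash, disk signature, partition table, 55AA check."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    boot_code = sector[:440]                           # bytes 0-439: executable boot code
    disk_sig = struct.unpack_from("<I", sector, 440)[0]  # bytes 440-443: NT disk signature
    partitions = []
    for i in range(4):                                 # four 16-byte entries at 446..509
        off = 446 + 16 * i
        # status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA-start(4) sectors(4)
        status, ptype, lba_start, lba_count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "lba_count": lba_count})
    return {
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "disk_signature": disk_sig,
        "partitions": partitions,
        "valid_signature": sector[510:512] == BOOT_SIGNATURE,
    }


def diff_mbr(before, after):
    """Return human-readable differences between two MBR images (empty list = unchanged)."""
    a, b = parse_mbr(before), parse_mbr(after)
    changes = []
    if a["boot_code_sha256"] != b["boot_code_sha256"]:
        changes.append("boot code (bytes 0-439) changed")
    if a["disk_signature"] != b["disk_signature"]:
        changes.append(f"disk signature {a['disk_signature']:#010x} -> {b['disk_signature']:#010x}")
    if a["partitions"] != b["partitions"]:
        changes.append("partition table changed")
    if a["valid_signature"] != b["valid_signature"]:
        changes.append("0x55AA boot signature changed")
    return changes


def build_sample_mbr(boot_code_fill=0x90, disk_signature=0x1234ABCD):
    """Construct a synthetic MBR: NOP-filled boot code, one bootable type-0x07 partition, 55AA."""
    sector = bytearray(SECTOR_SIZE)
    sector[:440] = bytes([boot_code_fill]) * 440
    struct.pack_into("<I", sector, 440, disk_signature)
    # entry 0: bootable, type 0x07 (NTFS/exFAT), starts at LBA 2048, 1,000,000 sectors
    struct.pack_into("<B3xB3xII", sector, 446, 0x80, 0x07, 2048, 1_000_000)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    before = build_sample_mbr()
    untouched = build_sample_mbr()           # what a read-only or IOCTL-only open leaves behind
    infected = bytearray(before)
    infected[:16] = b"\xeb\x00" * 8          # simulated bootkit: boot code replaced, table intact
    print("no change:", diff_mbr(before, untouched))
    print("boot code overwritten:", diff_mbr(before, bytes(infected)))
```

On a real run the two inputs are the first 512 bytes of the guest disk image taken before and after detonation (a snapshot diff or a raw read of the virtual disk from the host); if `diff_mbr` returns an empty list, the signature was the handle open and nothing more.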
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\INF\c_diskdrive.PNF | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
| File created | C:\Windows\INF\c_volume.PNF | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
| File created | C:\Windows\INF\c_processor.PNF | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
| File created | C:\Windows\INF\c_media.PNF | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
| File created | C:\Windows\INF\c_display.PNF | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
| File created | C:\Windows\INF\c_monitor.PNF | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7ac10aa947210d5f3e801973b6b4552cc5578085bb443774527dfc1093fb2188.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\360DrvMgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Driver | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LocationInformation | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Mfg | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Driver | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\DeviceDesc | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Mfg | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\LocationInformation | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Service | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVendor | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosDate | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE\360DrvMgr.exe = "8000" | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\360DrvMgr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\360DrvMgr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\360DrvMgr.exe = "8000" | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\360DrvMgr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\360DrvMgr.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\360DrvMgr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\360DrvMgr.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\7ac10aa947210d5f3e801973b6b4552cc5578085bb443774527dfc1093fb2188.exe
"C:\Users\Admin\AppData\Local\Temp\7ac10aa947210d5f3e801973b6b4552cc5578085bb443774527dfc1093fb2188.exe"
C:\Windows\SYSTEM32\cmd.exe
cmd.exe /c set
C:\Users\Admin\AppData\Local\Temp\~6502748858780307207~\sg.tmp
7zG_exe x "C:\Users\Admin\AppData\Local\Temp\7ac10aa947210d5f3e801973b6b4552cc5578085bb443774527dfc1093fb2188.exe" -y -aoa -o"C:\Users\Admin\AppData\Local\Temp\~7333111046772601544"
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\360DrvMgr.exe
"C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\360DrvMgr.exe"
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe
"C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe"
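The command lines in both Processes blocks (behavioral1 above and behavioral2 here) show the same unpacking chain: the submitted executable runs `cmd.exe /c set`, then a 7-Zip SFX stub dropped as sg.tmp runs `7zG_exe x <sample> -y -aoa -o<temp dir>` to extract the sample's own embedded 7z payload (`-y` answers prompts, `-aoa` overwrites without asking), and finally launches 360DrvMgr.exe from that directory. The dropped files can therefore be listed and hashed without detonating anything, since `7z l` and `7z x` accept the SFX directly. The helper below is an added example (Python, not from the report or from 7-Zip) of the manual version of that step: it locates the 7z signature after the PE stub, checks both CRCs in the 32-byte signature header, and carves the archive bytes. The SFX it operates on is synthetic and constructed inside the block (MZ-headed filler, a dummy packed stream and a dummy "next header"); a real sample would be passed in as the file's bytes.

```python
import struct
import zlib

SEVENZ_MAGIC = b"7z\xbc\xaf\x27\x1c"


def locate_7z(data):
    """Offset of the first 7z signature, or -1. In an SFX it sits after the PE stub."""
    return data.find(SEVENZ_MAGIC)


def parse_7z_start_header(data, base):
    """Parse and CRC-check the 32-byte 7z signature header at offset base.

    Layout: magic(6) major(1) minor(1) StartHeaderCRC(4) NextHeaderOffset(8)
            NextHeaderSize(8) NextHeaderCRC(4). StartHeaderCRC covers bytes 12..31 and
            NextHeaderOffset is relative to the end of this 32-byte header.
    """
    if data[base:base + 6] != SEVENZ_MAGIC:
        raise ValueError("no 7z signature at offset")
    major, minor, start_crc = struct.unpack_from("<BBI", data, base + 6)
    next_off, next_size, next_crc = struct.unpack_from("<QQI", data, base + 12)
    if zlib.crc32(data[base + 12:base + 32]) != start_crc:
        raise ValueError("start header CRC mismatch")
    hdr_start = base + 32 + next_off
    hdr_end = hdr_start + next_size
    if hdr_end > len(data):
        raise ValueError("next header lies past end of buffer (truncated archive)")
    if zlib.crc32(data[hdr_start:hdr_end]) != next_crc:
        raise ValueError("next header CRC mismatch")
    return {"version": (major, minor), "archive_offset": base,
            "packed_stream_offset": base + 32,
            "next_header_offset": hdr_start, "next_header_size": next_size,
            "archive_end": hdr_end}


def carve_7z(data):
    """Return the embedded archive (signature header through the end of the next header)."""
    base = locate_7z(data)
    if base < 0:
        raise ValueError("no embedded 7z archive")
    info = parse_7z_start_header(data, base)
    return data[base:info["archive_end"]]


def validate_sfx(data):
    """None if the embedded archive parses and both CRCs match, otherwise the error text."""
    try:
        carve_7z(data)
        return None
    except ValueError as exc:
        return str(exc)


def build_sample_sfx(stub_len=1024):
    """Construct a synthetic SFX: MZ-headed filler followed by a minimal 7z container.

    The packed stream and the next header are dummy bytes; only the signature header is
    genuine, which is all that header validation and carving need.
    """
    stub = b"MZ" + b"\x00" * (stub_len - 2)
    packed = b"\xaa" * 100                      # stands in for the compressed streams
    next_header = b"\x01\x04\x06\x00"           # stands in for the encoded property header
    body = struct.pack("<QQI", len(packed), len(next_header), zlib.crc32(next_header))
    start = SEVENZ_MAGIC + bytes([0, 4]) + struct.pack("<I", zlib.crc32(body)) + body
    return stub + start + packed + next_header


if __name__ == "__main__":
    sample = build_sample_sfx()
    info = parse_7z_start_header(sample, locate_7z(sample))
    print(f"7z archive at {info['archive_offset']:#x}, format {info['version']}, "
          f"next header {info['next_header_size']} bytes at {info['next_header_offset']:#x}")
```

A CRC failure on the next header is the usual symptom of a sample truncated in transit, which also explains an SFX that "does nothing" in the sandbox; carving with the CRCs verified is what gives the dropped-file hashes in the Files section without relying on the stub's own extractor.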
Network
| Country | Destination | Domain | Proto |
| N/A | 10.127.0.1:12000 | | tcp |
| N/A | 10.127.0.1:12000 | | tcp |
| N/A | 10.127.0.1:12000 | | tcp |
| N/A | 10.127.0.1:12000 | | tcp |
| N/A | 10.127.0.1:12000 | | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| N/A | 10.127.0.1:12000 | | tcp |
| N/A | 10.127.0.1:12000 | | tcp |
| N/A | 10.127.0.1:12000 | | tcp |
| N/A | 10.127.0.1:12000 | | tcp |
| N/A | 10.127.0.1:12000 | | tcp |
| N/A | 10.127.0.1:12000 | | tcp |
| N/A | 10.127.0.1:12000 | | tcp |
| N/A | 10.127.0.1:12000 | | tcp |
| N/A | 10.127.0.1:12000 | | tcp |
| N/A | 10.127.0.1:12000 | | tcp |
| N/A | 10.127.0.1:12000 | | tcp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| N/A | 10.127.0.1:12000 | | tcp |
| US | 8.8.8.8:53 | conf.wsm.360.cn | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 104.192.110.254:80 | conf.wsm.360.cn | tcp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.110.192.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | res.qhsetup.com | udp |
| US | 8.8.8.8:53 | dm.weishi.360.cn | udp |
| CN | 106.63.103.7:443 | dm.weishi.360.cn | tcp |
| CN | 180.163.237.138:80 | res.qhsetup.com | tcp |
| US | 8.8.8.8:53 | www.ludashi.com | udp |
| CN | 114.116.48.235:80 | www.ludashi.com | tcp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| CN | 1.192.137.108:80 | res.qhsetup.com | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| CN | 106.39.219.55:80 | res.qhsetup.com | tcp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| CN | 114.116.48.235:80 | www.ludashi.com | tcp |
| US | 8.8.8.8:53 | l.public.ludashi.com | udp |
| CN | 118.190.210.73:80 | l.public.ludashi.com | tcp |
| CN | 118.190.210.73:80 | l.public.ludashi.com | tcp |
| US | 8.8.8.8:53 | s.ludashi.com | udp |
| CN | 106.15.48.27:80 | s.ludashi.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| CN | 106.15.48.27:80 | s.ludashi.com | tcp |
| CN | 114.116.48.235:80 | www.ludashi.com | tcp |
| CN | 118.190.210.73:80 | l.public.ludashi.com | tcp |
| CN | 106.15.48.27:80 | s.ludashi.com | tcp |
| CN | 106.15.48.27:80 | s.ludashi.com | tcp |
| US | 8.8.8.8:53 | paint.ludashi.com | udp |
| CN | 47.104.109.169:80 | paint.ludashi.com | tcp |
| CN | 106.15.48.27:80 | s.ludashi.com | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\~6502748858780307207~\sg.tmp
| MD5 | 7c4718943bd3f66ebdb47ccca72c7b1e |
| SHA1 | f9edfaa7adb8fa528b2e61b2b251f18da10a6969 |
| SHA256 | 4cc32d00338fc7b206a7c052297acf9ac304ae7de9d61a2475a116959c1524fc |
| SHA512 | e18c40d646fa4948f90f7471da55489df431f255041ebb6dcef86346f91078c9b27894e27216a4b2fe2a1c5e501c7953c77893cf696930123d28a322d49e1516 |
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\360DrvMgr.exe
| MD5 | b05427e95473bf8af9d9672123311c39 |
| SHA1 | a97b786b99de1b8b9b37589836b2215951eb4d16 |
| SHA256 | a8456ac02baca984ae32e84d1e7ca767b0705a1d5156539fb618c7c1e7059837 |
| SHA512 | 876417bd046bbd378c395b13a94266f108117a396a767652b6c306d76dbedd6a81aa7e9183375a55b004beeab4736a139104967d4c9b8e764744c9a612fa84da |
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\360net.dll
| MD5 | 2bca9e782840c8214dbc3ef6ee64404c |
| SHA1 | 9144db795c7b092ac55a5b59c0eb569e3432cfec |
| SHA256 | 1320ce2bf517978d3c65cf9cb8390318f3ea1896ef10a66b53a1832792341c62 |
| SHA512 | 87188cdd4d581c9b20bb36451f0376837bfe5489b685dc28a902af441f0681ff89922138d1a160f4d926189b2ae491a7fb7158c60596116f9f09e6c9516d5c6b |
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZ_HardwareDll.dll
| MD5 | 5643fac7fb90bdb3d45178861116c9ec |
| SHA1 | 7d930a0823e7fcc91f5ff38615f4ad304a770968 |
| SHA256 | c5940597b6ff5bd4aa083c7b4fe41b538e187a176953fecd790d295dc17dcf95 |
| SHA512 | 6132fd6c50aeb38f22f3ac9e502676bd121801a603b18f9afb3a19fc07aeddaace3cede11fc90cb7569481f7b5331cd24d5840ee275239efe5313af040d66fde |
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZ5.dll
| MD5 | d8308aa7cc08c3a56c9187029db56702 |
| SHA1 | f8a1b97e321660d814d4d01f03911f6da0caed9d |
| SHA256 | 850bb1419ab0c93d524284a6c9c15db69a1e5328e9f84f06bb27ba5efb8a65b8 |
| SHA512 | 0a6c757b3e5cfaf2de92e4f402dc97306a551244501d97a099ac2a586c7501f087fe7c82c8a81e95b4fea851a0690733c116345360b5dbeb343966fdbda08baa |
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\DrvMgrUI.dll
| MD5 | 47e593bd9f923a22d98f02ceda6aa420 |
| SHA1 | 24861e317c5dbb60d780ce592b58379df6817baa |
| SHA256 | 4b885265c0f72a6df3ab6ba8ac5cb0cbaf7e8c1fb50c431e51e6a559eb4a27cc |
| SHA512 | ee84d60d019434e3d8f8f47ede08cd79e667b74070cc631783138eaa06f8cfd0088f0b0e6d657dfde458cbe3f63aaccc1e6b31cc0c9e6c37a38e06c66f3d9eb6 |
memory/3112-103-0x00000000772D0000-0x00000000772E0000-memory.dmp
memory/3112-102-0x0000000077192000-0x0000000077193000-memory.dmp
memory/3112-100-0x00000000772D0000-0x00000000772E0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\SignHelper.dll
| MD5 | a60df7bdf1ab9583e8bf7b38f2eca0a3 |
| SHA1 | 528064b42f0470e785e896df67b41c6335f176a6 |
| SHA256 | 4c20f1868b4ee71cca4d399b947f7942460a4074f2942ba90f382c2476b96978 |
| SHA512 | 7fd219bf83e63dae70dfc79ad1978cefa4a9aec27b69f6e7f0b6e26678c988f8e4dda88f8d000cc20a1b0fdcdd69c24c56eab9a70c242630e902fe1b2d47eea2 |
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\pdown.dll
| MD5 | 48a849ff04150b2ec0836ab6bb32590a |
| SHA1 | 1f52bbcd5d124de15c27cf5ea84e14cb9a87f6a3 |
| SHA256 | ded09df700ef458322b6160edd39adb103c03cef3c6ffbce2ee096ce1fd33d62 |
| SHA512 | b0b23e540102b16c4ed9ac05f1ac353bf0d19e0c2b0880cec1fa2e9292030e1c5a75694176ac428c7de55588cf503ab36643d2db8c1fec3543daf3aeeb53a680 |
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\NetBridge.dll
| MD5 | 9d145902fb5b9a6da62ac85761434e31 |
| SHA1 | c817d77f59e3767d75cf5f5298d6b5711308f7e5 |
| SHA256 | 98d795d55329b1057f4fd590468e648a8c34b620207fd9a0a6953f3e98d1ea43 |
| SHA512 | bbb3109bcd5ded909bfdaeb7f4f006fc5928a9bc501bad5ae8ba9805bc0d924a2c4da8bbd215480db936d663852abd9b0435fa241a40224a4cd93c4b7aff79a9 |
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\MiniUI.dll
| MD5 | 043365f793b1672fc80aaebde3b22929 |
| SHA1 | be526a544e7af66b573b29ee7100374e9deb9a1f |
| SHA256 | 2bf36c7813e8410e2ef442158e4089f5c5fa512684848f421cd4b08f1eca1d23 |
| SHA512 | efb94e1447842254992f67ad2bcc8ebd1862894019e612d680a3b69a4ec9aaef787bddd155775842baf225b9dea05feaef37db26808fc8516851f995a0b62530 |
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\LiveUpd360.dll
| MD5 | e2ab61cd7dd7c8443719460140737b09 |
| SHA1 | d07424aaf894aa68bab5c7cc829e54f69f466338 |
| SHA256 | 0439f9f3a68e14ee28c718ac334f9318f97858ab5430e4fa2e82eb355ed446d6 |
| SHA512 | c608aa5fd10849f5efcc74ffb02bfc59c1cd943154b30f2e2174e30543708f3b92d020d39ae36b9dd2e90c2171863b5a610ab18248d430c974853fe0a810df60 |
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\dynlenv.dll
| MD5 | 61bda655c88ce843905ce63a2d5669e4 |
| SHA1 | 532304d12d6e1a740e01cf03b3439301d2c6c85d |
| SHA256 | fa7daa6a0e13f9112de63313caf4d06081aee0c7e79b5937cff0519bb4c0bbd4 |
| SHA512 | ad9c4f862747ff55ac506ea8b9d4a84a7d0c15d9cb8e9c987722141b9c33957d6aed44b59f0d85a068431ec2b85061b6c27d38011b8dca1675905aaaf6e37bf2 |
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\DrvmgrCore.dll
| MD5 | 4fc36faaa9b7c855c9f06ed6dadfdd6e |
| SHA1 | 3722a0512d53312fa77e9477906ef677616a37db |
| SHA256 | 1e6fcd8985cb5ec59d42dae04ec3cede86c1d423e139c0ce2f66722768e4ec02 |
| SHA512 | c976a88ab168564bbf993aa6eb20ddb1bbe13b6fd9044021b889aa24b5b83d65f4ddd08c8b8714f08fdde164657fc4a8e9c52306186dd7f1897d7f3576547ccc |
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\DownloadMgr.dll
| MD5 | 29cf1d28db1a5c5d68b5e0cce6c81db0 |
| SHA1 | 84af3d92647f8068bf6b20c2fb1937a2c1d05bb0 |
| SHA256 | b4e3b9f375c360eec4fe7d811e0476a9a8a03fc632d890342e4c5db957ef481e |
| SHA512 | 1c5bc96d1f6ebd4d5abbc2d06fea90cf5509fb258f3e691507a3c7f1d351b230bdb2848a4d50f40bc258daa9823f920730860d6f203356d7b7584c03ccdca6ec |
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\DIFxAPI_x86.dll
| MD5 | 1bd976dd77b31fe0f25708ad5c1351ae |
| SHA1 | 50d075688835df04484f0b93792a530cb47a1872 |
| SHA256 | b3c28941ceb057de44d9c322a38bb0f63c62d7ffbd91cf7970964413978f8eb7 |
| SHA512 | d58c2be88941c15214c51c59923437863a94db7b8080ead69017f7cce19d256dbe4d1d8498762476c75c26773dfba1aaff3bed615589ebf4b39df78df1b50b35 |
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\DataMgr.dll
| MD5 | cfd6ef9ed6c8585bb8b2b4a8e5b87af9 |
| SHA1 | 2c476cf6651a5f9b3846aaae3a4eb6dd6b33b7f9 |
| SHA256 | da1778e29b935609b2a686fab65e7903d2206c7468bdb1f9e2408ded03b3a6d0 |
| SHA512 | f7d4a8ecc31a8b25b396619f71047f00ae682c8950731467f6ccd98352c8c9f64fe33423464aed12a789143cc4f0d532e5a27fce476b3bcd7e79e00081d51688 |
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZ2.dll
| MD5 | a75f38215a115f9260b58cdd935d7d81 |
| SHA1 | dbb7d9d7e69cd5f2f4cda49bebc0fd922316a866 |
| SHA256 | 102459b35d0b36f915b2cafc2e083d95f4e042815c732a2520dfb646efae4cd1 |
| SHA512 | 3eeacb82ed9e61d9dc8fec13c2f87fd07b90a5052dd1a3482ee4cdb5122db77587078e7966bf72d73b776973bac09f53f37081f4af0828f1a914c0cd31d03ce9 |
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZ1.dll
| MD5 | 6dbf812d5b61f30a21ddccaec30b4452 |
| SHA1 | 4778e2d043ac593193e5e15056bb98bba564c246 |
| SHA256 | 197c529acff08fbc13b11010d95c270e50ddd867f783cfec598c5f831f847033 |
| SHA512 | 7b9506902c1d0a6b8b74e068be87a7d4fec8a96b3d1b05d06d533d4ef995abc7e2ce24a8d37e38b19b62ad5b316e10831c220df44360a15a6b89e18767bea699 |
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\atiags32.dll
| MD5 | a1f7d080d2a00a9ddca9a469c29663c0 |
| SHA1 | 9fa6b676b9509eead040415ca13a097118ae2175 |
| SHA256 | 81b7e8a1c0073f6b7c4188216a94e5ab6420844e1acb122d93fab4c6bc14eebe |
| SHA512 | eef12054ace42f07b05b371aa51164bbbfd65120b111e375eaec30537c232ae85022dd1bf424ed94a8d97eb216919cc5857e332029778b93faa8064555e4e07e |
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\7za.dll
| MD5 | 34f4329522a2b16d1bc9ad4ab58d9fc1 |
| SHA1 | 04ec3c21a59a15a85b29bead3733f0ceccce8680 |
| SHA256 | fc07200668d45a640bbd5f6997851e31a20941fcb661f8e09469899becebdf8a |
| SHA512 | ab8efc3dee9319401634dc3d8e6fe8282dc14a6058cf923af2d69656e58ed3724cfd5d466801fcf0bf53510f5b3197986972240693e4b1bbdcc9ae562ae0eb6c |
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\360P2SP.dll
| MD5 | 75ae5114927b0200ea73e016211ae572 |
| SHA1 | 15ae658c082afcab51ade61b8ed6699a978b5e05 |
| SHA256 | 8e38aeb187edd59329007fe10d2b509e5566256e993a127902d57bac66b17346 |
| SHA512 | ae65e304fc669b98c5d137c4e7cba591e075b9d1b588af1d7eea2458776c29b2a2ccd06ea37aeb89d0cd0ebcb155aec7a6a0a842da4ac36f9b512049967e59fc |
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\360NetUL.dll
| MD5 | 240e9b9b2b3f2a134070b7d5084278d3 |
| SHA1 | a39ce3213f364ec8435833afa36619e6d6fd24b0 |
| SHA256 | 003e2f8225ae4bfe3487dea759c6e44176fb96ff89fb162904c7c923e9c78720 |
| SHA512 | 2cdd9cd946b4a6df110f22197290090c1b4b734c9b9120e6403866342b17c50cd8a71d566ff0f284a03b5202af9f06248de71da1314486dbed58a64225cf5745 |
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\360NetBase.dll
| MD5 | 14c6b4bbd31f6fd13530bc941cc71d1a |
| SHA1 | ce4e38ac82a54f64d318507ddc28f9ffbb378f0f |
| SHA256 | 401d8529a84f1d80a439be8cd4e869202162458e5afb5e5bac97c4859bfe8eb5 |
| SHA512 | c16d525f1d3fc098b4d6c8b8a872a9013ef2f945f27af73ed7826f61a2b80d756ae5348105432909eccc71f03834cd1301f87fa5a0107e0c7137f5c8e3a3cc95 |
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\360Base.dll
| MD5 | a73cf0457df35fab74ef3393d2766667 |
| SHA1 | c123e15967e7ab980eba5431a6993e646500befd |
| SHA256 | df411ebc1b4a652a3822de0cebd5a48151abb3dd99c8c3d15f858401b27243fd |
| SHA512 | faee2c8c3caf31ee2cceefadff4c442ef3aaed36fabf61a4217e1ba13b315808f09b575b5789ef7cc342cb16219afb4a1c4e7f7686ea8d079c9d7dd9ee782b90 |
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ScriptExecute.exe
| MD5 | 8b88753a733fd8fc0f12d2ea266b9afd |
| SHA1 | 2f9181e8ec946a1d0276e0c8b9a9b21bff3ad210 |
| SHA256 | 914dd14b89dc73afffaf8abb1d382cc16223e9049aa4437821e8759fc67ad417 |
| SHA512 | c545ca9b8ea7d6cd858737c904d8f9d003f44525e209bdabcad912def33279c848205fcbc727d81a266e61fffcb651915975e64686b9caedf2deb8b1e803129d |
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\config\defaultskin\miniui.xml
| MD5 | 1c7fad425e4dc4787174876b6725c5de |
| SHA1 | 6bf7f9afb666636bea1cef7eca6ebc32f4b344a2 |
| SHA256 | ee451d9f3d84226bcd456f193e1e79ebfbd1f24b961b25770c40df93ee7ca494 |
| SHA512 | ab02ca7851e6a859244edea31b3cf931a14937ec9ad2274c49a1aedb5a258360f653d7d5e76b9c6166633c4c284db9be277ae584d89641a99da3c77564f8b57d |
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\config\defaultskin\defaultskin.ui
| MD5 | 0cc06e728803d0cdeedda92e04313e6c |
| SHA1 | 62e897041bdbf18ca65f6c452abcb557e17c0ded |
| SHA256 | 3fb6414e92be15821c674a6e72295e75747e9734c827ac14e85479d4720f2b33 |
| SHA512 | 72afb68bf2078e459cf2e37481c61ff172dd224f5b089bf9903b0c55660aecfdcb98622c0b04fe88edae0e2e25c0eb640cffafc7343bbe5d67ef137397678936 |
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\config\config.xml
| MD5 | 583e167ba709fec11044409c6b09d04f |
| SHA1 | 27b363d8b5dee2df351a5d41e6f14b6156db190f |
| SHA256 | ea5f4faf853767718beef85023fcd9e13cca2127ebb3c17331903779db2916a0 |
| SHA512 | bebb16e99340d9264b7ae4cfd1562243a8cef688d3585968046c68020f19de587668485017f74368c20b686f5543bb319cc02665a3cdbb890eb47ffa4ce2a20e |
memory/3112-116-0x0000000003860000-0x0000000003861000-memory.dmp
C:\Users\Admin\AppData\Roaming\360DrvMgr\Config.ini
| MD5 | 6d63813c12ca56d6240cff46d9a46330 |
| SHA1 | 8d7f01db6d3bc11e730b0fd3b40635bf526c450b |
| SHA256 | 50291f46574a12702ea22f58928817ef88230c246149a13e2cc80447aa2e54c5 |
| SHA512 | 42623fd6583b80b75a2cb819c6a8c16b2c074ff09c8aa29d22e9678b1d53afe74700ef29624a0cd6f10ec5850a077ee6591a8d99ac9127bcbb03ac3e66249045 |
memory/3112-131-0x0000000003860000-0x0000000003861000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\360LibDrvmgr.dat
| MD5 | fa664c90f221342497fd9fcc2323b806 |
| SHA1 | d994329dc6e1ed71fb678717347ccab512680e13 |
| SHA256 | ef96ddf1fd0433df9bbff78c23505f884d86e580fcf86460ab2b5cd093cced6a |
| SHA512 | c4d6195f24c28c8b77c2918877f9eac829f01cf50513bd165924a5c955e5bd7d58cb675411ef00d6a1bcb274d37aafb171b5077f090b5ccbca35f7e1743616e6 |
C:\Users\Admin\AppData\Roaming\360DrvMgr\Config.ini
| MD5 | b9dda00ddd50e493a9e4b1579784e3ad |
| SHA1 | acb4c889470ebc77f269c8ec595e82f8ab5dea7a |
| SHA256 | 3315487b3059a495c8b7da278765e9df0c5a99b657fdc635146aafdf51278545 |
| SHA512 | 6efef6431a0c25210e28725620867621e8094fe84863447d05dbcb1ffeafbfe3e000989da7410ee31367419ec812a10ba507192c0153a005a527808edd2a3828 |
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZService.exe
| MD5 | ad763ec213bc25b1177dd8142154d182 |
| SHA1 | 9c7890c02c49938da3aa5980c5cd35d2d2070b76 |
| SHA256 | 2e6ca2547df1dad072329a8e2c0a93ad0448df58484750422306c011cc17dbd3 |
| SHA512 | ce403aa2e9ffa95f0d820cb9a9c7f4edd9a3decf9f8ab4e127cc877da936bba8598e8b6ff840dac25693b35b0772cb54afb9e65c431b8fd7d07e6561ce33bb3e |
memory/3752-150-0x00000000772D0000-0x00000000772E0000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_B94B0F2F07332C3F5B6A37DB89E3F3B7
| MD5 | a647b290033a17f62fe4f70854806523 |
| SHA1 | 740b996286a175e2acff5fb839454ee2f5c8d692 |
| SHA256 | f9e54d780c4aa4d5de22e1030d5ba6c60b96d2a41685c5a5c3fccaed3a516b06 |
| SHA512 | 11e8951ff3d0ea6da2d02e64e8669fe3dfb6e95944c663e38135e8f7e262db88d137fa0942266039761516ff230c03c4144698992ae027a53cf1f33a472ecb6a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_B94B0F2F07332C3F5B6A37DB89E3F3B7
| MD5 | b95c25c8459baa4c10c68b86452b7d28 |
| SHA1 | b0a67aa72ba7341e1d78a6f6f289ce58025187df |
| SHA256 | 1c8ae2d566d95aee27e35adab8261161ca94440a85e4dfb723de18e4bd22a994 |
| SHA512 | 12990ae833e3b3e29ad74e012e6a6b0cbfa193a072db3e0a139dfdb66e1ccb42ee23571056b5fd4c663ff8e16b9ad5773610602f74c34e1c9c533eda9587c2ce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5
| MD5 | 7b646af7de600b568577a5b28336c692 |
| SHA1 | fb4e21b620ad85246af0d237bfcf6283d8c2a6d7 |
| SHA256 | 515fdca51f7cc54b72f11eed34b54827f234bc74a8a873962555f94eb6bbae89 |
| SHA512 | 3d3029ece12ba9a5e06951a22f4b6b79b7ff43f4d3d135fa5a5657c4eeb27103a7bdc6c60c032a56c53ffcb1c90fa8a282792fdbbe7dd3a46053e9e18d9a1f3f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5
| MD5 | c1efd4e48753b6c7c82142bd5c279ff7 |
| SHA1 | 4628719cfb393ee5cb48a9165f88334f5bdc95d0 |
| SHA256 | e4b25e3b174f6ab2fad80a9a4c537d18056a23fee1910984a9723427eddd7d2f |
| SHA512 | cf996d4ad66b8e798589ac4bd203b7bfd536162003a3b515a06310cec4a38d273dd244428130d5418eb43e74bb8201d4fba73e15c1836f30adf5b3d57c946d45 |
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZ.set
| MD5 | 9e245d2355575c33f98a2df2758ca02b |
| SHA1 | 5159aec49a07737a398b98eb7b144b6798663421 |
| SHA256 | 3a1ccc5933195aa6058cae3eee87201125635ac75d5b0884740638e0d4217ba7 |
| SHA512 | 5aa7c866f482d78099e266b4977a2f4fdc75d47daead76a842d54fa6568b7a24da210bbd7f68488b15d9ed0665523f7053dc0a58bf66f1aae4847e0dee630349 |
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZ.set
| MD5 | af3d1eae08d4a84efc83fcc7fa5c4509 |
| SHA1 | 75b1cb01ae624e369b9c27b6754799c30434545e |
| SHA256 | 862f068871e0ff58c7e0ce96ac4698c96ee979c596b2ec6ae70839a8a3c89930 |
| SHA512 | 526f29daab5d170eb3ab5bc86578134e205c52a146b9481bf18a44851411560cab3e8ecf33ce251076837d04145524dd075217da05a7c19a3c2864dc4011296a |
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZ.set
| MD5 | 634d2d0ade861873fb010e7adc6d906c |
| SHA1 | 41aa77281e68a1c93c4343607895454e469658ca |
| SHA256 | e35ddba52a1b921a3ae8a9d94ec0ffbef9e51d78c097acf43738be5434f3694e |
| SHA512 | 77a0daecb6e4cdad4a2be0fc0f6b45b0eada9d68816d289e80009b744bb2fc3a96877014476b1edd6e85c19c748aa482e0a5f5cf974c13c76002f482add3dd1c |
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZ.set
| MD5 | 17e2ef28e2cb4e4f468b224d4f274e6b |
| SHA1 | cf7a6f8e5e6a181277bfb330353d9b214908157c |
| SHA256 | f6e246739063e27cc4750171a1e9ccc57c186a7fbdfd02ac616a0843bdb8d9b0 |
| SHA512 | 76b1eec272442a8034caa7b498d35740073c878fb0e656b38fccb6238de3f25db77b6617227079cb5e2ed63d7699a79bd626963e00d45906453b521c1cc106fc |
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZ.set
| MD5 | 964259d39663bdf75b07f9ae769b51d7 |
| SHA1 | 6cae031106a55500d3a4fa729e4b6c32d45bc3a1 |
| SHA256 | 0e1184fed8ed4d673f960a5a289c3d6a6c5a30ae78bc7e67ffd3af1592e7525b |
| SHA512 | 8d9529fe4b9c9101696c24375b3b648c777ffd4df1fba49af0e85c8ae284e8344edd9fee8d096a1309ead2bba715b738e985fbd9677e251fa47d969c12be2903 |
C:\Users\Admin\AppData\Local\Temp\~7333111046772601544\ComputerZ.set
| MD5 | ae7d6838b071f14d25b7f7e826915c59 |
| SHA1 | 7ce7fa08b198ae900dc1432853a423b9452e66f8 |
| SHA256 | 5fb26e7afd6006a4a183b14a0afed039303c6c2daa69938e79106071a05caf8a |
| SHA512 | d7dc8f04297b95be9fe8d77956665e796c05bfcc8e7ee8e0e865a5c4c793565e64dca7aa9b60f07e2127c61dc23e519a1c79f1a57e71cbe07932d75739569091 |