Malware Analysis Report

2025-08-10 20:05

Sample ID 250704-n7gbragr9w
Target 2025-07-04_ce38c0d6b68d7a370f98a2cb75b1681d_amadey_elex_rhadamanthys_smoke-loader_stop_tofsee
SHA256 9927197a93d932e9686892f3c6596cea43906bc78ee3b11a75fc1ca476ea770c
Tags
upx blackmoon banker defense_evasion discovery persistence spyware stealer trojan
score
10/10

Analysis Overview

score
10/10

SHA256

9927197a93d932e9686892f3c6596cea43906bc78ee3b11a75fc1ca476ea770c

Threat Level: Known bad

The file 2025-07-04_ce38c0d6b68d7a370f98a2cb75b1681d_amadey_elex_rhadamanthys_smoke-loader_stop_tofsee was found to be: Known bad.

Malicious Activity Summary

upx blackmoon banker defense_evasion discovery persistence spyware stealer trojan

Blackmoon family

Blackmoon, KrBanker

UAC bypass

Detect Blackmoon payload

Drops file in Drivers directory

Disables RegEdit via registry modification

Adds policy Run key to start application

Checks computer location settings

Executes dropped EXE

Reads user/profile data of web browsers

Checks whether UAC is enabled

Adds Run key to start application

Drops autorun.inf file

Drops file in System32 directory

UPX packed file

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

System policy modification

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-07-04 12:02

Signatures

Blackmoon family

blackmoon

Detect Blackmoon payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-07-04 12:02

Reported

2025-07-04 12:04

Platform

win10v2004-20250610-en

Max time kernel

104s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ce38c0d6b68d7a370f98a2cb75b1681d_amadey_elex_rhadamanthys_smoke-loader_stop_tofsee.exe"

Signatures

Blackmoon family

blackmoon

Blackmoon, KrBanker

trojan banker blackmoon

Detect Blackmoon payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

UAC bypass

defense_evasion trojan
Description | Indicator | Process | Target
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\360\360Safe\deepscan\ZhuDongFangYu.exe | N/A

Adds policy Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run = "C:\\Windows\\360\\360Safe\\deepscan\\ZhuDongFangYu.exe" | C:\Windows\360\360Safe\deepscan\ZhuDongFangYu.exe | N/A

Disables RegEdit via registry modification

defense_evasion
Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Disableregistrytools = "1" | C:\Windows\360\360Safe\deepscan\ZhuDongFangYu.exe | N/A

Drops file in Drivers directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\system32\drivers\etc\hosts | C:\Windows\360\360Safe\deepscan\ZhuDongFangYu.exe | N/A

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2025-07-04_ce38c0d6b68d7a370f98a2cb75b1681d_amadey_elex_rhadamanthys_smoke-loader_stop_tofsee.exe | N/A

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\360\360Safe\deepscan\ZhuDongFangYu.exe | N/A
N/A | N/A | C:\Windows\360\360Safe\deepscan\ZhuDongFangYu.exe | N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ZhuDongFangYu = "C:\\Windows\\360\\360Safe\\deepscan\\ZhuDongFangYu.exe" | C:\Windows\360\360Safe\deepscan\ZhuDongFangYu.exe | N/A

Checks whether UAC is enabled

defense_evasion trojan
Description | Indicator | Process | Target
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\360\360Safe\deepscan\ZhuDongFangYu.exe | N/A

Drops autorun.inf file

Description | Indicator | Process | Target
File created | C:\autorun.inf | C:\Windows\360\360Safe\deepscan\ZhuDongFangYu.exe | N/A
File opened for modification | C:\autorun.inf | C:\Windows\360\360Safe\deepscan\ZhuDongFangYu.exe | N/A
File created | D:\autorun.inf | C:\Windows\360\360Safe\deepscan\ZhuDongFangYu.exe | N/A
File opened for modification | D:\autorun.inf | C:\Windows\360\360Safe\deepscan\ZhuDongFangYu.exe | N/A
File created | F:\autorun.inf | C:\Windows\360\360Safe\deepscan\ZhuDongFangYu.exe | N/A
File opened for modification | F:\autorun.inf | C:\Windows\360\360Safe\deepscan\ZhuDongFangYu.exe | N/A

Drops file in System32 directory


UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory


Drops file in Windows directory


Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2025-07-04_ce38c0d6b68d7a370f98a2cb75b1681d_amadey_elex_rhadamanthys_smoke-loader_stop_tofsee.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\360\360Safe\deepscan\ZhuDongFangYu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\360\360Safe\deepscan\ZhuDongFangYu.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_ce38c0d6b68d7a370f98a2cb75b1681d_amadey_elex_rhadamanthys_smoke-loader_stop_tofsee.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\360\360Safe\deepscan\ZhuDongFangYu.exe N/A
Token: 33 N/A C:\Windows\360\360Safe\deepscan\ZhuDongFangYu.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\360\360Safe\deepscan\ZhuDongFangYu.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\360\360Safe\deepscan\ZhuDongFangYu.exe N/A

System policy modification

defense_evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system C:\Windows\360\360Safe\deepscan\ZhuDongFangYu.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\360\360Safe\deepscan\ZhuDongFangYu.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Windows\360\360Safe\deepscan\ZhuDongFangYu.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2025-07-04_ce38c0d6b68d7a370f98a2cb75b1681d_amadey_elex_rhadamanthys_smoke-loader_stop_tofsee.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_ce38c0d6b68d7a370f98a2cb75b1681d_amadey_elex_rhadamanthys_smoke-loader_stop_tofsee.exe"

C:\Windows\360\360Safe\deepscan\ZhuDongFangYu.exe

"C:\Windows\360\360Safe\deepscan\ZhuDongFangYu.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Windows\360\360Safe\deepscan\ZhuDongFangYu.exe

C:\Windows\360\360Safe\deepscan\ZhuDongFangYu.exe

C:\Windows\360\360Safe\deepscan\ZhuDongFangYu.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.180.3:80 c.pki.goog tcp

Files

memory/4444-0-0x0000000000400000-0x0000000000455000-memory.dmp

memory/4444-1-0x0000000000454000-0x0000000000455000-memory.dmp

C:\Windows\360\360Safe\deepscan\ZhuDongFangYu.exe

MD5 ce38c0d6b68d7a370f98a2cb75b1681d
SHA1 452b777e797a25bdfde6f673eb9df569e710183b
SHA256 9927197a93d932e9686892f3c6596cea43906bc78ee3b11a75fc1ca476ea770c
SHA512 d79a64a392ccb492623f0e02f5e38abb7bff18fff45b69ff1b97716942b4512849aed9dc34234549b50c9ffcf9990c9ec939b49ae78685f149b7ab59fc1cb76c

memory/4444-14-0x0000000000400000-0x0000000000455000-memory.dmp

memory/3220-15-0x0000000000400000-0x0000000000455000-memory.dmp

memory/212-36-0x0000000000400000-0x0000000000455000-memory.dmp

memory/3220-420-0x0000000000400000-0x0000000000455000-memory.dmp

C:\b77eca8a96ea76dc187791135e6117a4\2010_x64.log.html

MD5 052e2feb69c6ce2c8e895b0679b38f9b
SHA1 3b2b308840539d604520da2ac2855fc55b2d1a4e
SHA256 462f6cfb96948024dd246ea0c6ed1162cb3aca59391f8a1b353fdee360fc4889
SHA512 76fe05a1c8c6217f74857043baa543bcc3e464f1b29e7b053ae7f6fc6c045f974c392398932f17465e453209deba31d47765900a7c03b56c4267ddfbab79b758

memory/3220-572-0x0000000000400000-0x0000000000455000-memory.dmp