General Info

URL

https://free.360totalsecurity.com/totalsecurity/360TS_Setup_Mini.exe

Full analysis
https://app.any.run/tasks/3e742e77-3a24-4847-aaa7-c672b29b7ce3
Verdict
Malicious activity
Analysis date
8/13/2019, 15:02:31
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads dropped or rewritten executable
  • 360TS_Setup_Mini[1].exe (PID: 3492)
Changes settings of System certificates
  • 360TS_Setup_Mini[1].exe (PID: 3492)
Application was dropped or rewritten from another process
  • 360TS_Setup_Mini[1].exe (PID: 3492)
  • 360TS_Setup_Mini[1].exe (PID: 2916)
Adds / modifies Windows certificates
  • 360TS_Setup_Mini[1].exe (PID: 3492)
Executable content was dropped or overwritten
  • 360TS_Setup_Mini[1].exe (PID: 3492)
  • iexplore.exe (PID: 3640)
  • iexplore.exe (PID: 2632)
Low-level read access rights to disk partition
  • 360TS_Setup_Mini[1].exe (PID: 3492)
Connects to unusual port
  • 360TS_Setup_Mini[1].exe (PID: 3492)
Reads Internet Cache Settings
  • 360TS_Setup_Mini[1].exe (PID: 3492)
Reads Internet Cache Settings
  • iexplore.exe (PID: 2632)
  • iexplore.exe (PID: 3640)
Reads settings of System Certificates
  • 360TS_Setup_Mini[1].exe (PID: 3492)
Changes internet zones settings
  • iexplore.exe (PID: 2632)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
40
Monitored processes
4
Malicious processes
2
Suspicious processes
0

Behavior graph

+
drop and start drop and start start iexplore.exe iexplore.exe 360ts_setup_mini[1].exe no specs 360ts_setup_mini[1].exe
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
2632
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\lh043oam\360ts_setup_mini[1].exe
c:\windows\system32\mpr.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\mlang.dll

PID
3640
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2632 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll

PID
2916
CMD
"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\360TS_Setup_Mini[1].exe"
Path
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\360TS_Setup_Mini[1].exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Qihoo 360 Technology Co. Ltd.
Description
360 Total Security Online Installer
Version
6, 6, 0, 1053
Modules
Image
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\lh043oam\360ts_setup_mini[1].exe
c:\systemroot\system32\ntdll.dll

PID
3492
CMD
"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\360TS_Setup_Mini[1].exe"
Path
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\360TS_Setup_Mini[1].exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
HIGH
Version:
Company
Qihoo 360 Technology Co. Ltd.
Description
360 Total Security Online Installer
Version
6, 6, 0, 1053
Modules
Image
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\lh043oam\360ts_setup_mini[1].exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\secur32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ole32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\propsys.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\mpr.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\peerdist.dll
c:\windows\system32\userenv.dll
c:\windows\system32\authz.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\firewallapi.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\users\admin\appdata\local\temp\{83baad77-28f1-4df1-9037-61a42535074b}.tmp\360p2sp.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\gpapi.dll

Registry activity

Total events
702
Read events
616
Write events
84
Delete events
2

Modification events

PID
Process
Operation
Key
Name
Value
2632
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019032320190324
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000092000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{A56A6E93-BDCA-11E9-9885-5254004A04AF}
0
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
2
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307080002000D000D00020030006301
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
2
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307080002000D000D00020030006301
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
2
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307080002000D000D0002003000E001
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
8
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
2
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307080002000D000D0002003000FF01
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
74
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
2
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307080002000D000D0002003000BA02
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
28
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307080002000D000D0002003700EF0100000000
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
NotifyDownloadComplete
yes
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019081320190814
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019081320190814
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019081320190814
CachePrefix
:2019081320190814:
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019081320190814
CacheLimit
8192
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019081320190814
CacheOptions
11
2632
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019081320190814
CacheRepair
0
3640
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
3640
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019081320190814
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019081320190814
3640
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019081320190814
CachePrefix
:2019081320190814:
3640
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019081320190814
CacheLimit
8192
3640
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019081320190814
CacheOptions
11
3640
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019081320190814
CacheRepair
0
3492
360TS_Setup_Mini[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\360TS_Setup_Mini[1]_RASAPI32
EnableFileTracing
0
3492
360TS_Setup_Mini[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\360TS_Setup_Mini[1]_RASAPI32
EnableConsoleTracing
0
3492
360TS_Setup_Mini[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\360TS_Setup_Mini[1]_RASAPI32
FileTracingMask
4294901760
3492
360TS_Setup_Mini[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\360TS_Setup_Mini[1]_RASAPI32
ConsoleTracingMask
4294901760
3492
360TS_Setup_Mini[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\360TS_Setup_Mini[1]_RASAPI32
MaxFileSize
1048576
3492
360TS_Setup_Mini[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\360TS_Setup_Mini[1]_RASAPI32
FileDirectory
%windir%\tracing
3492
360TS_Setup_Mini[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\360TS_Setup_Mini[1]_RASMANCS
EnableFileTracing
0
3492
360TS_Setup_Mini[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\360TS_Setup_Mini[1]_RASMANCS
EnableConsoleTracing
0
3492
360TS_Setup_Mini[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\360TS_Setup_Mini[1]_RASMANCS
FileTracingMask
4294901760
3492
360TS_Setup_Mini[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3492
360TS_Setup_Mini[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\360TS_Setup_Mini[1]_RASMANCS
ConsoleTracingMask
4294901760
3492
360TS_Setup_Mini[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000093000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3492
360TS_Setup_Mini[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\360TS_Setup_Mini[1]_RASMANCS
MaxFileSize
1048576
3492
360TS_Setup_Mini[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\360TS_Setup_Mini[1]_RASMANCS
FileDirectory
%windir%\tracing
3492
360TS_Setup_Mini[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\360Safe\Liveup
mid
cfe1ce9b8f5123cc37f394accff90c49e593c1ef62585eeea14b615c6b4efcbe
3492
360TS_Setup_Mini[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\LiveUpdate360
proxytype
1
3492
360TS_Setup_Mini[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3492
360TS_Setup_Mini[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3492
360TS_Setup_Mini[1].exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
\??\C:\Program Files\Mozilla Firefox\tobedeleted\mozfbe5d5f7-8112-4126-966a-cd1572113b1d
3492
360TS_Setup_Mini[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\LiveUpdate360
Nat
3
3492
360TS_Setup_Mini[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\LiveUpdate360
NatUpdate
1565701378
3492
360TS_Setup_Mini[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\LiveUpdate360
NatWLan
1505469730
3492
360TS_Setup_Mini[1].exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
3492
360TS_Setup_Mini[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118
Blob
0400000001000000100000002C8F9F661D1890B147269D8E86828CA90F00000001000000140000001E427A3639CCE4C27E94B1777964CA289A722CAD09000000010000003E000000303C06082B0601050507030106082B0601050507030206082B0601050507030406082B0601050507030306082B0601050507030806082B06010505070309620000000100000020000000D8E0FEBC1DB2E38D00940F37D27D41344D993E734B99D5656D9778D4D81436241400000001000000140000006DAA9B0987C4D0D422ED4007374D19F191FFDED31D000000010000001000000096F98B6E79A74810CE7D398A82F977780B000000010000000E000000430065007200740075006D0000000300000001000000140000006252DC40F71143A22FDE9EF7348E064251B181181900000001000000100000000B6CD9778E41AD67FD6BE0A6903710442000000001000000100300003082030C308201F4A0030201020203010020300D06092A864886F70D0101050500303E310B300906035504061302504C311B3019060355040A1312556E697A65746F2053702E207A206F2E6F2E311230100603550403130943657274756D204341301E170D3032303631313130343633395A170D3237303631313130343633395A303E310B300906035504061302504C311B3019060355040A1312556E697A65746F2053702E207A206F2E6F2E311230100603550403130943657274756D20434130820122300D06092A864886F70D01010105000382010F003082010A0282010100CEB1C12ED34F7CCD25CE183E4FC48C6F806A73C85B51F89BD2DCBB005CB1A0FC7503EE81F088EE2352E9E615338DAC2D09C576F92B398089E4974B90A5A878F873437BA461B0D858CCE16C667E9CF3095E556384D5A8EFF3B12E3068B3C43CD8AC6E8D995A904E34DC369A8F818850B76D964209F3D795830D414BB06A6BF8FC0F7E629F67C4ED265F10260F084FF0A45728CE8FB8ED45F66EEE255DAA6E39BEE4932FD947A072EBFAA65BAFCA533FE20EC69656116EF7E966A926D87F9553ED0A8588BA4F29A5428C5EB6FC852000AA680BA11A85019CC446638288B622B1EEFEAA46597ECF352CD5B6DA5DF748331454B6EBD96FCECD88D6AB1BDA963B1D590203010001A3133011300F0603551D130101FF040530030101FF300D06092A864886F70D01010505000382010100B88DCEEFE714BACFEEB044926CB4393EA2846EADB82177D2D4778287E6204181EEE2F811B763D11737BE1976241C041A4CEB3DAA676F2DD4CDFE653170C51BA6020ABA607B6D58C29A49FE63320B6BE33AC0ACAB3BB0E8D309518C1083C634E0C52BE01AB66014276C32778CBCB27298CFCDCC3FB9C8244214D657FCE62643A91DE58090CE0354283EF73FD3F84DED6A0A3A93139B3B142313639C3FD1872779E54C51E301AD855D1A3BB1D57310A4D3F2BC6E64F55A5690A8C70E4C740F2E713BF7C847F4696F15F2115E831E9C7C52AEFD02DA12A8596718DBBC70DD9BB169ED80CE8940486A0E35CA29661521942CE8602A9B854A40F36B8A24EC06162C73

Files activity

Executable files
3
Suspicious files
2
Text files
10
Unknown types
4

Dropped files

PID
Process
Filename
Type
3492
360TS_Setup_Mini[1].exe
C:\Users\admin\AppData\Local\Temp\{83BAAD77-28F1-4df1-9037-61A42535074B}.tmp\360P2SP.dll
executable
MD5: fc1796add9491ee757e74e65cedd6ae7
SHA256: bf1b96f5b56be51e24d6314bc7ec25f1bdba2435f4dfc5be87de164fe5de9e60
3640
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GCO7KH10\360TS_Setup_Mini[1].exe
executable
MD5: 8634835cdfe4988536f89fdf61e15ab1
SHA256: 1a365375b1950eb631d7d09d6a42fd48b1203bde489c5d56d15ee14ea70f98fb
2632
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\360TS_Setup_Mini[1].exe
executable
MD5: 8634835cdfe4988536f89fdf61e15ab1
SHA256: 1a365375b1950eb631d7d09d6a42fd48b1203bde489c5d56d15ee14ea70f98fb
2632
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GCO7KH10\360TS_Setup_Mini[1].exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
3492
360TS_Setup_Mini[1].exe
C:\Users\admin\AppData\Local\Temp\[email protected]\setup.ini
––
MD5:  ––
SHA256:  ––
3492
360TS_Setup_Mini[1].exe
C:\Users\admin\AppData\Local\Temp\[email protected]
compressed
MD5: 22d609b42b815e1ddb03d271d925f312
SHA256: 538369da9e87554c3c73c6ca1d005d967adf2817ac982d56ebfb62ebf5932de7
3492
360TS_Setup_Mini[1].exe
C:\Users\admin\AppData\Local\Temp\[email protected]
––
MD5:  ––
SHA256:  ––
3492
360TS_Setup_Mini[1].exe
C:\Users\admin\AppData\Local\Temp\[email protected]
––
MD5:  ––
SHA256:  ––
3492
360TS_Setup_Mini[1].exe
C:\Users\admin\AppData\Local\Temp\{871444B8-5470-43ec-A6AE-5345BC523305}.tmp
image
MD5: b1ddd3b1895d9a3013b843b3702ac2bd
SHA256: 46cda5ad256bf373f5ed0b2a20efa5275c1ffd96864c33f3727e76a3973f4b3c
3492
360TS_Setup_Mini[1].exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\opera[1]
text
MD5: 2563933634f709b30f8bdbea754d38b7
SHA256: aa6bd2ef168ab7876f4fae6a513c2ccc202afe3ff3dff268068dea0ced6c64dd
3492
360TS_Setup_Mini[1].exe
C:\Users\admin\AppData\Local\Temp\{16317D66-02BD-47d2-8D7A-89467AB3D728}.tmp
––
MD5:  ––
SHA256:  ––
2632
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019081320190814\index.dat
dat
MD5: 431518ac26a1eec593a0f5960bd26803
SHA256: baeca6b5f7173bea7c33f99cb7934e008abc5968df23f70b9a936b2864aefd0d
3640
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019081320190814\index.dat
dat
MD5: 084527b97008b4c07b173e8e41072e40
SHA256: 248e3bde063403b903ae90278157d5762b11e5c2ad30bf385aa1f19bcc75589c
3640
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
dat
MD5: 16a17a766c2c27dedb8e95597259d698
SHA256: b4353513391269ba12914a84b70ed5a9305deb8a0dede8e6fd2f0b86312a1f6e
3640
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HBM3IT5B\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2632
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\360TS_Setup_Mini[1].exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2632
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{A56A6E93-BDCA-11E9-9885-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
3640
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\JavaDeployReg.log
text
MD5: 80a9b3e7af927a2a6f3e29d349154050
SHA256: ed9c7e532188258ddf099311ca3cdfddb5f3256700e2562da9088229c3c00b23
2632
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{A56A6E94-BDCA-11E9-9885-5254004A04AF}.dat
binary
MD5: dd7cbb5b82cfd57ecf3ff98665a15319
SHA256: 28c8796653a54f85a6baa9143866f8f74d7710fc128cad8824b682dd3a6a80b0
2632
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFBCA295DC12D54E33.TMP
––
MD5:  ––
SHA256:  ––
2632
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2632
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
2632
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
––
MD5:  ––
SHA256:  ––
3640
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWY33GZO\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3640
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MJLZSRUI\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3640
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 3c9b052570a4af42690379c8fbc9d923
SHA256: f67cf5338ec0fa2476da6a15006bd41b3ed8d6fe01fb5d5a258794aaf4a3daa5
3640
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GCO7KH10\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2632
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF0910F29DF0E404A0.TMP
––
MD5:  ––
SHA256:  ––

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
14
TCP/UDP connections
37
DNS requests
9
Threats
6

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2632 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US
image
whitelisted
3492 360TS_Setup_Mini[1].exe GET 200 18.184.178.29:80 http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1053&pid=101&os=6.1&mid=cfe1ce9b8f5123cc37f394accff90c49&state=153 US
––
––
unknown
3492 360TS_Setup_Mini[1].exe GET 200 5.254.23.114:80 http://iup.360safe.com/iv3/pc/360safe/360TS_Setup_For_Mini_Rel.cab RO
compressed
unknown
3492 360TS_Setup_Mini[1].exe GET 200 18.184.178.29:80 http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=cfe1ce9b8f5123cc37f394accff90c49&mod=360Installer.exe&ph=02a8342074eb25c8adb2d135e2bab7e5&p2p=1&t_id=360TS_Setup_For_Mini.cab&tads=655&tdl=655&tds=655&terr=0&tes=Status|1,ErrorCode|0,DnCount|3,HttpNum|1,DnFailCount|6,FStatus|1,P2SS|655,P2PS|0,PDMode|2&tfl=655&tp=t&tst=1&ttdl=655&ttm=1000&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS US
––
––
unknown
3492 360TS_Setup_Mini[1].exe GET –– 104.192.108.21:80 http://int.down.360safe.com/totalsecurity/360TS_Setup_10.6.0.1179.exe US
––
––
malicious
3492 360TS_Setup_Mini[1].exe GET 200 13.35.254.218:80 http://sd.p.360safe.com/12B38B9A9007822577C031E4F55CF2105EBA139A.trt US
torrent
whitelisted
3492 360TS_Setup_Mini[1].exe GET –– 104.192.108.21:80 http://int.down.360safe.com/totalsecurity/360TS_Setup_10.6.0.1179.exe US
––
––
malicious
3492 360TS_Setup_Mini[1].exe GET –– 104.192.108.21:80 http://int.down.360safe.com/totalsecurity/360TS_Setup_10.6.0.1179.exe US
––
––
malicious
3492 360TS_Setup_Mini[1].exe GET –– 104.192.108.21:80 http://int.down.360safe.com/totalsecurity/360TS_Setup_10.6.0.1179.exe US
––
––
malicious
3492 360TS_Setup_Mini[1].exe GET –– 104.192.108.21:80 http://int.down.360safe.com/totalsecurity/360TS_Setup_10.6.0.1179.exe US
––
––
malicious
3492 360TS_Setup_Mini[1].exe GET –– 104.192.108.21:80 http://int.down.360safe.com/totalsecurity/360TS_Setup_10.6.0.1179.exe US
––
––
malicious
3492 360TS_Setup_Mini[1].exe GET –– 104.192.108.21:80 http://int.down.360safe.com/totalsecurity/360TS_Setup_10.6.0.1179.exe US
––
––
malicious
3492 360TS_Setup_Mini[1].exe GET –– 104.192.108.21:80 http://int.down.360safe.com/totalsecurity/360TS_Setup_10.6.0.1179.exe US
––
––
malicious
3492 360TS_Setup_Mini[1].exe GET –– 104.192.108.21:80 http://int.down.360safe.com/totalsecurity/360TS_Setup_10.6.0.1179.exe US
––
––
malicious

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
2632 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
3640 iexplore.exe 5.254.23.114:443 RO unknown
3492 360TS_Setup_Mini[1].exe 54.77.42.29:3478 Amazon.com, Inc. IE unknown
3492 360TS_Setup_Mini[1].exe 5.254.23.114:80 RO unknown
3492 360TS_Setup_Mini[1].exe 18.184.178.29:80 US unknown
3492 360TS_Setup_Mini[1].exe 82.145.215.152:443 Opera Software AS –– unknown
–– –– 52.214.9.152:3478 Amazon.com, Inc. IE unknown
–– –– 89.187.165.34:20703 O2 Czech Republic, a.s. CZ unknown
3492 360TS_Setup_Mini[1].exe 54.76.174.118:80 Amazon.com, Inc. IE unknown
–– –– 105.102.209.24:10034 Telecom Algeria DZ unknown
3492 360TS_Setup_Mini[1].exe 200.84.136.220:8090 CANTV Servicios, Venezuela VE unknown
3492 360TS_Setup_Mini[1].exe 186.93.117.97:10097 CANTV Servicios, Venezuela VE unknown
–– –– 197.57.145.179:22918 TE-AS EG unknown
–– –– 109.242.171.85:10006 Wind Hellas Telecommunications SA GR unknown
–– –– 95.85.100.129:8065 State Company of Electro Communications Turkmentelecom TM unknown
3492 360TS_Setup_Mini[1].exe 104.192.108.21:80 Beijing Qihu Technology Company Limited US suspicious
3492 360TS_Setup_Mini[1].exe 104.192.108.18:80 Beijing Qihu Technology Company Limited US suspicious
3492 360TS_Setup_Mini[1].exe 13.35.254.218:80 US unknown

DNS requests

Domain IP Reputation
www.bing.com 204.79.197.200
13.107.21.200
whitelisted
free.360totalsecurity.com 5.254.23.114
unknown
st.p.360safe.com 54.77.42.29
unknown
s.360safe.com 18.184.178.29
52.29.179.141
unknown
iup.360safe.com 5.254.23.114
unknown
tr.p.360safe.com 54.76.174.118
unknown
orion.ts.360.com 82.145.215.152
unknown
int.down.360safe.com 104.192.108.18
104.192.108.21
malicious
sd.p.360safe.com 13.35.254.218
13.35.254.32
13.35.254.27
13.35.254.195
whitelisted

Threats

PID Process Class Message
3492 360TS_Setup_Mini[1].exe Generic Protocol Command Decode ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag false)
3492 360TS_Setup_Mini[1].exe Generic Protocol Command Decode ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag true change port flag false)
3492 360TS_Setup_Mini[1].exe Generic Protocol Command Decode ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag true)
–– –– Generic Protocol Command Decode ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag false)
–– –– Generic Protocol Command Decode ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag false)
3492 360TS_Setup_Mini[1].exe Potential Corporate Privacy Violation ET POLICY PE EXE or DLL Windows file download HTTP

Debug output strings

No debug info.